An elegant, modular intelligent memory system with support for embeddings, a reranker, and Flomo note integration.

Advisory

Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Users could unknowingly rely on a shipped credential, and the credential owner’s account could be exposed to unauthorized use, billing, or data association.

Why it was flagged

The template contains a real-looking Edgefn API key rather than a placeholder, while the registry declares no primary credential or required env var.

Skill content
"apiKey": "sk-BrwHc1...F3AbE6", "baseUrl": "https://api.edgefn.net/v1"
Recommendation

Remove and rotate the exposed key, replace it with a placeholder, and declare the required Edgefn API key or environment variable in the skill metadata.

What this means

Users may over-trust the skill’s credential handling and privacy posture because the documentation contradicts the packaged configuration.

Why it was flagged

The documentation claims there are no hardcoded keys, but config/template.json contains a real-looking sk- API key.

Skill content
- **Security first**: configuration-driven, no hardcoded keys
Recommendation

Correct the documentation, remove the embedded key, and add clear privacy and credential-handling guidance.

What this means

Private notes, imported Flomo content, and search queries may leave the local machine for embedding or reranking.

Why it was flagged

Memory text is sent to the configured Edgefn embeddings endpoint; the reranker provider similarly sends queries and documents to Edgefn.

Skill content
requestData = { model: this.config.model, input: texts, dimensions: this.config.dimensions } ... https.request(`${this.config.baseUrl}/embeddings`)
Recommendation

Use your own trusted API key/provider, avoid storing highly sensitive notes, and review the provider’s retention and privacy terms.

What this means

If this adapter is used for import, the memory system can be populated with fabricated sample notes that may affect later search results or agent context.

Why it was flagged

The simplified Flomo adapter returns hardcoded mock notes instead of parsing the provided Flomo export.

Skill content
// Simple implementation: return mock data ... content: '示例 Flomo 笔记:这是第一条笔记 #示例 #测试'
Recommendation

Replace the mock adapter with a real parser, clearly label demo behavior, and require users to preview and confirm imported notes before storing them.