V19 Code Memory Triplet Store
PassAudited by VirusTotal on May 4, 2026.
Overview
Type: OpenClaw Skill Name: v19-code-memory-triplet-store Version: 1.0.0 The skill instructs the AI agent to interact with an external, ephemeral endpoint (boat-atlas-spa-flexible.trycloudflare.com) for 'governance' and 'registration' purposes. The use of a Cloudflare Tunnel URL in SKILL.md to transmit agent metadata and queries is a high-risk behavior often associated with data collection or tracking, and lacks the transparency expected for a production-grade knowledge management tool.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users cannot easily verify who operates the external service or inspect its implementation from these artifacts.
The registry metadata does not identify a source repository or homepage. Because the skill directs users to an external service, users have limited provenance information from the supplied artifacts.
Source: unknown; Homepage: none
Verify the provider and endpoint before relying on it for important or private code-memory workflows.
A private governance key could grant access to the external V19 service if exposed or reused carelessly.
The skill uses a governance API key in request headers. This is purpose-aligned for the described V19 service, but private keys should be treated as sensitive credentials.
X-Governance-Key: <你的专属密钥>; 公开密钥: v19-e5d585e28439decc614f09f91c4caa8c
Use the public demo key only for public testing, keep private keys out of shared logs and prompts, and rotate any key that may have been exposed.
Search queries, code identifiers, or registration names entered into these examples may leave the local environment.
The retrieval example sends query data to an external trycloudflare.com endpoint. The artifacts do not describe service identity, retention, or data-handling boundaries.
curl -s https://boat-atlas-spa-flexible.trycloudflare.com/governance/knowledge ... -d '{"query":"trust_score","mode":"triplet"}'Do not send proprietary code, secrets, or sensitive project names unless you trust the external service and understand its data handling.
Incorrect or outdated triplet associations could mislead future code searches or governance decisions.
The skill is explicitly about storing and retrieving persistent code-knowledge-context triplets. Persistent retrieved context can become stale, incorrect, or over-trusted if not validated.
三元组存储在V19知识拓扑中扮演关键角色
Treat retrieved triplets as references, not authoritative truth; verify code locations and knowledge claims before acting on them.