人脑系统
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is mostly a coherent local memory/self-maintenance skill, but it persists broad OpenClaw state and includes background execution plus an unsafe shell check that should be reviewed before use.
Install only if you want a durable local memory system and are comfortable with it copying OpenClaw memory/state files. Before running the scripts, fix the unsafe PID shell command, review what backup/recall/checkpoint files contain, and avoid enabling the hot-reload watcher or cron-style persistence unless you know how to stop and clean it up.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A modified local state file could turn a harmless-looking fullness/status check into command execution in the OpenClaw environment.
A PID read from a local state file is inserted into a bash command string. If that file is poisoned with shell metacharacters, running this status check could execute unintended commands.
```python
pid=pidfile.read_text().strip()
hot=subprocess.run(['bash','-lc',f'kill -0 {pid}'], ...)
```
Do not run this script until the PID is validated as an integer and invoked without a shell, for example using ['kill', '-0', pid].
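The remediation described above, written out as an added example (not code from the skill): the pidfile contents are validated as a plain PID before use, and the liveness probe is done with os.kill(pid, 0) instead of a bash command string. The pidfile path and the sample pidfile contents are constructed for illustration.

```python
import os
import re
from pathlib import Path

# Hypothetical pidfile location; the skill's real path is not shown in the scan report.
PIDFILE = Path("/tmp/brain-system-watcher.pid")

# A PID is a run of digits with no leading zero and no sign, at most 10 digits.
# Shell metacharacters, whitespace, an empty file, "0" or negatives all fail this.
PID_PATTERN = re.compile(r"[1-9][0-9]{0,9}")


def parse_pid(raw: str) -> int:
    """Strictly validate pidfile contents before they reach any OS call."""
    candidate = raw.strip()
    if not PID_PATTERN.fullmatch(candidate):
        raise ValueError(f"pidfile does not contain a plain PID: {candidate!r}")
    return int(candidate)


def process_alive(pid: int) -> bool:
    """Signal 0 checks existence without touching the process and without a shell."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False  # no such process: the pidfile is stale
    except PermissionError:
        return True  # process exists but belongs to another user
    return True


def watcher_is_hot(pidfile: Path = PIDFILE) -> bool:
    """Shell-free replacement for the f-string 'kill -0 {pid}' call flagged above."""
    if not pidfile.exists():
        return False
    return process_alive(parse_pid(pidfile.read_text()))


def demo() -> dict:
    """Run the validator over constructed pidfile contents, benign and poisoned."""
    results = {}
    for raw in ("4242\n", "1234; echo poisoned", "$(id)", "", "-1", "0"):
        try:
            results[raw] = parse_pid(raw)
        except ValueError:
            results[raw] = "rejected"
    results["self"] = process_alive(os.getpid())  # our own PID is always alive
    return results
```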
If enabled, the skill can keep operating after the immediate user request and continue creating checkpoints/consolidations from local state.
When run without --once, the watcher remains active indefinitely and automatically runs refresh actions when watched brain/body files change.
```python
while True:
    once()
    time.sleep(interval)
```
Run the watcher only intentionally, prefer one-shot mode unless persistence is needed, and require clear start/stop, PID, log, and cleanup instructions before using it as a daemon or cron job.
Private preferences, operational notes, authority state, or poisoned memory can be duplicated and kept longer than expected.
The backup script archives broad user/agent memory, tool files, checkpoints, and another skill's state into durable backups, with no shown redaction, retention, or exclusion controls.
```bash
tar -czf "$out" -C /root/.openclaw/workspace \
  AGENTS.md SOUL.md USER.md TOOLS.md MEMORY.md memory skills/brain-system skills/server-body-ops context-checkpoints ...
```
Review what is stored before running backups; exclude secrets and sensitive authority files, set retention limits, and delete old backups when no longer needed.
Privilege or authority information from another OpenClaw skill may be exposed to the assistant context or copied into memory artifacts.
Boot recall includes another skill's authority/privilege state in the recalled context. The artifact does not show credential theft, but this is privileged local state users should notice.
```python
'skills/server-body-ops/state/authority.json'
```
Inspect authority.json before using recall/checkpoint/backup flows, and avoid storing secrets or unnecessary privilege details there.
