涤尘
AdvisoryAudited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved carelessly, changes could alter future agent behavior or remove useful memory records.
The skill explicitly allows the agent to modify skill definitions, update scripts, append memory, create memory files, and delete old daily records after user confirmation.
修复 SKILL.md 中的错误... 删除可清理的文件... 更新脚本中的过时路径... 用户确认后删除已过时效的每日记录文件
Review each proposed file change and deletion list before approving, and keep backups for important memory or skill files.
Running the scan could change the managed Python environment and depend on the current PyPI package supply chain.
The scanner may install the unpinned PyYAML package at runtime if it is missing.
subprocess.run([sys.executable, "-m", "pip", "install", "pyyaml", "--quiet"], capture_output=True, timeout=30)
Prefer declaring and pinning PyYAML as a dependency, or ask the user before installing packages at runtime.
Private notes may be summarized in conversation or persisted into long-term memory where they can influence future agent behavior.
The skill reads memory files and can write persistent long-term memory or memory pointers after user approval.
扫描记忆文件... 将用户确认的内容追加到 MEMORY.md... 创建 `{topic}_memory.md` 并更新 MEMORY.md 中的引用Check the extracted snippets and proposed MEMORY.md additions carefully, especially for sensitive, outdated, or misleading information.