secure-memory-stack
v1.0.0 · A secure, fully local memory system that combines Baidu Embedding semantic search, Git Notes structured storage and the file system to keep data private and secure.
⭐ 3 · 1.9k · 1 current · 1 all-time
by @xqicxx
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The skill claims to be 'fully local / zero data upload' (完全本地化 / 零数据上传), but many scripts and docs require or attempt to use Baidu embedding APIs (BAIDU_API_STRING / BAIDU_SECRET_KEY) and import modules that contact external services. The registry metadata lists no required env vars, while clawdbot.skill.json includes optional Baidu keys; several runtime scripts treat those keys as mandatory. This is a mismatch between the stated purpose (local-only) and the actual capability (optional external API integration).
Instruction Scope
SKILL.md and the included scripts instruct the agent to create, read, and modify many files and directories under /root/clawd (MEMORY.md, SESSION-STATE.md, memory/, backups/, .git operations). Several scripts (startup checks, verification, diagnose) import and run Python modules from other skills' directories (e.g., memory-baidu-embedding-db, git-notes-memory, baidu-vector-db), run git operations, and run arbitrary Python code. Some scripts will fail or exit if Baidu env vars are not present, so their behavior is conditional but intrusive. The skill also runs recursive chmod and copies files — broader file-system access than a minimal memory helper.
Install Mechanism
There is no formal install spec (instruction-only), which reduces direct supply-chain risk, but package.json declares Node dependencies (memory-baidu-embedding-db, git-notes-memory) and the scripts expect Python modules under /root/clawd/skills/… The code assumes other skill packages or modules are already present on disk; the lack of a clear, trusted install/retrieval mechanism for those dependencies is an inconsistency and increases operational fragility.
Credentials
The repository and scripts reference sensitive environment variables (BAIDU_API_STRING, BAIDU_SECRET_KEY, BAIDU_API_KEY, BAIDU_EMBEDDING_ACTIVE, EMBEDDING_CACHE_ENABLED, PERFORMANCE_MODE), yet the registry metadata declares 'Required env vars: none' (with the BAIDU keys marked optional). Several scripts actively require those env vars and exit when the credentials are missing. Asking for secret API credentials to use an 'offline' memory system is disproportionate unless the user explicitly enables semantic search; this contradiction should be clearly documented, and the requirement enforced only when necessary.
Persistence & Privilege
always is false (good), but the skill's scripts create and modify files under /root/clawd, initialize git repos, set global file permissions (chmod -R 755 on workspace), write backups, and update SESSION/MEMORY files. Those actions give the skill broad filesystem persistence within the Clawd workspace and can alter other skills' directories (it probes /root/clawd/skills/* and checks WHITELISTED.md). While not necessarily malicious, these are high-privilege operations and warrant caution.
What to consider before installing
Key points before installing:
1) This package claims to be 'local-only', but many scripts will call external Baidu embedding APIs if you provide credentials. Don't provide BAIDU_API_* keys unless you trust the implementation and need remote embedding.
2) Inspect the scripts that run Python modules from /root/clawd/skills/*. Those imports execute code from other skill folders; ensure those modules are trusted.
3) The skill creates and modifies many files under /root/clawd and runs chmod -R on that workspace. Run it in an isolated test environment (non-root), or snapshot/backup /root/clawd before use.
4) Because there is no explicit install spec for dependencies, verify how memory-baidu-embedding-db and git-notes-memory are installed and from what sources.
5) If you want to proceed, run the skill in a sandbox/container, avoid supplying real secret credentials until you have audited the code paths that send data externally, and consider setting file-system permission/ownership limits so the skill cannot alter unrelated system files.

Like a lobster shell, security has layers — review code before you run it.
latest: vk970ryjzggcej1tcncdfd8wyrd80fetc
