registry  /  @scotthuang/engram  /  0.12.1

@scotthuang/engram@0.12.1

分层语义记忆系统 - OpenClaw Plugin

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The extension performs its advertised semantic-memory, optional cloud-LLM, local API, and voice-recognition functions after OpenClaw loads it.

Static reason
No blocking static signals were detected.
Trigger
OpenClaw loads the declared extension; configured memory, voice, or CLI actions invoke their respective features.
Impact
User session and audio content may be processed by user-configured or documented third-party AI services as part of requested features.
Mechanism
Workspace memory processing with configured cloud APIs and loopback service clients.
Rationale
The published source is a functional OpenClaw semantic-memory extension and its potentially sensitive network and filesystem behavior is feature-aligned. No unconsented install-time mutation, credential theft, hidden exfiltration endpoint, remote payload execution, or destructive behavior was found.
Evidence
package.jsonopenclaw.plugin.jsondist/index.jsdist/config.jsdist/recall.jsdist/vector.jsdist/voice-identify.jsdist/face/service/memory-api.js
Network endpoints4
api.lkeap.cloud.tencent.com/plan/anthropicasr.tencentcloudapi.com127.0.0.1:8766127.0.0.1:8765

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `dist/index.js` auto-loads a fixed local `~/github/news-knowledge-base/.../news_search.js` module when vector search is configured.
  • `dist/index.js` reads OpenClaw session transcripts and can send supplied content to its configured/default LLM API.
  • `dist/voice-identify.js` uploads explicitly supplied audio to Tencent Cloud ASR.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
  • `openclaw.plugin.json` declares a first-party memory extension and no install hooks.
  • Network calls use configured AI/ASR services or loopback APIs, not a hidden collector.
  • Writes are memory, profile, vector, face, and log data under the configured workspace.
  • No child-process, shell, eval/vm, or remote-code-loading API was found in `dist/*.js`.
  • The local dynamic import is optional, fixed-path, and failure is handled as non-critical.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 25 file(s), 591 KB of source, external domains: 127.0.0.1, api.lkeap.cloud.tencent.com, asr.tencentcloudapi.com, dashscope.aliyuncs.com, yeybm.gzyxedu.net

Source & flagged code

3 flagged · loading source
dist/index.jsView file
Published source reference
Low
Ai Review Evidence

`dist/index.js` auto-loads a fixed local `~/github/news-knowledge-base/.../news_search.js` module when vector search is configured.

dist/index.jsView on unpkg
Published source reference
Low
Ai Review Evidence

`dist/index.js` reads OpenClaw session transcripts and can send supplied content to its configured/default LLM API.

dist/index.jsView on unpkg
dist/voice-identify.jsView file
Published source reference
Low
Ai Review Evidence

`dist/voice-identify.js` uploads explicitly supplied audio to Tencent Cloud ASR.

dist/voice-identify.jsView on unpkg

Findings

2 Medium7 Low
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowAi Review Evidencedist/index.js
LowAi Review Evidencedist/index.js
LowAi Review Evidencedist/voice-identify.js