Skip to content

Add SafeSkill security badge (83/100 — Passes with Notes)#1

Closed
OyaAIProd wants to merge 39 commits into
ourmem:mainfrom
OyaAIProd:safeskill-scan-1774783949339
Closed

Add SafeSkill security badge (83/100 — Passes with Notes)#1
OyaAIProd wants to merge 39 commits into
ourmem:mainfrom
OyaAIProd:safeskill-scan-1774783949339

Conversation

@OyaAIProd

Copy link
Copy Markdown

⚠️ SafeSkill Security Scan Results

Metric Value
Overall Score 83/100 (Passes with Notes)
Code Score 96/100
Content Score 59/100
Findings 55 findings detected (11 critical)
Taint Flows 0
Files Scanned 17
Scan Duration 1.4s

Top Findings

  • 🔴 critical: Accesses sensitive environment variable: OMEM_API_KEY (plugins/mcp/src/client.ts:156)
  • 🔴 critical: Accesses sensitive environment variable: OMEM_API_KEY (plugins/openclaw/src/index.ts:25)
  • 🔴 critical: Accesses sensitive environment variable: OMEM_API_KEY (plugins/opencode/src/index.ts:10)
  • 🔴 critical: Data exfiltration pattern detected (sensitive-path-ref): "~/.bashrc" (skills/ourmem/references/hosted-setup.md:70)
  • 🔴 critical: Data exfiltration pattern detected (sensitive-path-ref): "~/.zshrc" (skills/ourmem/references/hosted-setup.md:70)

View full report on SafeSkill


This PR was automatically generated by SafeSkill — the security scanner for AI tools and MCP servers.

ourmem added 30 commits March 28, 2026 01:35
- 4 platform plugins: OpenCode, Claude Code, OpenClaw, MCP Server
- SKILL.md (hosted + self-hosted) with Smart Ingest, Analytics, Security
- API documentation (35 endpoints)
- Agent-first Quick Start (one message install)
- Space-based memory sharing (Personal/Team/Organization)
- Apache-2.0 license (plugins and docs)
@yhyyz yhyyz closed this Mar 31, 2026
yhyyz pushed a commit that referenced this pull request May 22, 2026
…recall

stage_length_normalization divided each result's fused score by (1 + log2(content_len/500)).max(1.0), penalizing long memories up to ~4x (a 4KB note /4). Cosine similarity is already length-invariant, so this double-penalized length and buried detailed runbooks/inventories under short, less-relevant entries: the #1 vector hit (0.658) was demoted to ~0.16 and dropped from the top-k. Disable it — length must not suppress recall in a memory store.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants