memory-hygiene
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Instructions specify destructive file system operations (`rm -rf ~/.clawdbot/memory/lancedb/`) to clear local database directories as part of the cleaning process.
- [COMMAND_EXECUTION]: Suggests establishing a persistence mechanism by adding a recurring monthly cron job for automated memory maintenance tasks.
- [DATA_EXFILTRATION]: Documentation encourages storing sensitive metadata, such as the locations of credentials and contact details, within the agent's long-term vector memory, which increases the risk of accidental data exposure.
- [PROMPT_INJECTION]: Identifies an indirect prompt injection surface where unvalidated user data is ingested via the `memory_store` capability and stored in the agent's context.
  - Ingestion points: `SKILL.md` (via the `memory_store` command parameters).
  - Boundary markers: Absent for the stored text content.
  - Capability inventory: Shell command execution (`rm -rf`), system service management (`clawdbot gateway restart`), and configuration modification (`gateway action=config.patch`).
  - Sanitization: No input validation or filtering is specified for data before it is committed to memory.
Audit Metadata