openclaw-memory-enhancer
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by design, as it ingests historical chat data and memory logs and interpolates them into the agent's prompt.
- Ingestion points: The
MemoryEnhancer.load_openclaw_memory(inmemory_enhancer.py) andMemoryEnhancerEdge.load_openclaw_memory(inmemory_enhancer_edge.py) functions automatically read and process all Markdown files within the user's~/.openclaw/workspace/memory/directory. - Boundary markers: The
recall_for_promptfunction in both core modules prepends retrieved context with a simple[相关记忆](Relevant Memories) header. It does not include specific instructions or delimiters (such as XML tags or system-level warnings) to prevent the LLM from accidentally executing commands embedded within those historical snippets. - Capability inventory: The skill is capable of fetching and injecting data into active conversation prompts to provide context.
- Sanitization: The retrieved text is injected directly after truncation without character escaping or filtering for instruction-like patterns.
Audit Metadata