context-recovery
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using
ls,grep, andjqto read local session logs and memory files located in the user's home directory (e.g.,~/.clawdbot-*). These operations are restricted to the agent's own data directories for the purpose of context recovery. - [DATA_EXFILTRATION]: While the skill reads message history from external platforms like Slack and Discord, it does so using a standard
message:readinterface and processes the data locally to restore the agent's state. No sensitive data is transmitted to unauthorized external domains. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from external chat platforms (Step 2). While it lacks explicit sanitization markers, the risk is mitigated as the recovered content is presented back to the user for confirmation and used to inform the agent's internal state rather than being directly executed as code.
Audit Metadata