memory-hygiene
Warn
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to execute
rm -rf ~/.clawdbot/memory/lancedb/to wipe memory. Automated recursive deletion commands are inherently risky and could lead to significant data loss if the path is manipulated or misconfigured.\n- [CREDENTIALS_UNSAFE] (MEDIUM): The documentation recommends storing 'credentials locations' and 'accounts' in the vector database. Storing metadata about secrets in a searchable memory store increases the attack surface for credential discovery.\n- [COMMAND_EXECUTION] (LOW): Implements a persistence mechanism by using acroncommand to schedule recurring maintenance tasks, which modifies the host system's scheduled tasks.\n- [PROMPT_INJECTION] (MEDIUM): The skill creates an indirect prompt injection surface by reseeding memory fromMEMORY.mdwithout sanitization or boundaries. (Mandatory Evidence: Ingestion point: MEMORY.md in SKILL.md; Boundary markers: Absent; Capability inventory: rm-rf, memory_store, and config.patch in SKILL.md; Sanitization: Absent).
Audit Metadata