memory-router
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is configured to index and access files explicitly described as containing authentication data. In SKILL.md, the team collection targets ~/.openclaw/agents/**/*.json, which is documented to store 'auth' and agent configurations.
- [DATA_EXFILTRATION]: The skill exposes sensitive system and personal information by indexing private directories. It indexes the ~/.openclaw/ directory for system configurations and ~/clawd/memory/ for daily work logs, historical decisions, and project status.
- [COMMAND_EXECUTION]: The script memory_router.sh executes a CLI tool using a user-provided query variable. The $QUERY variable is passed directly to the qmd query command; without sanitization, this creates a potential command injection surface if the query contains shell metacharacters or if the qmd tool handles arguments unsafely.
Recommendations
- AI detected serious security threats
Audit Metadata