openclaw-memory-enhancer
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves content from untrusted external files (memory logs) and interpolates them directly into the agent's prompt context.
  - Ingestion points: Files located in `~/.openclaw/workspace/memory/`, including daily logs and `CAPABILITIES.md`, are read by `memory_enhancer.py` and `memory_enhancer_edge.py`.
  - Boundary markers: The `recall_for_prompt` function uses a `[相关记忆]` (Related Memory) header to delimit retrieved content, but does not include explicit instructions for the agent to ignore any commands found within that section.
  - Capability inventory: The skill itself does not perform dangerous operations like arbitrary shell execution or network exfiltration on the retrieved data, which limits the potential impact of an injection.
  - Sanitization: The skill truncates content to a specific `chunk_size` (e.g., 500 characters) but does not sanitize the text for embedded instructions or escape special characters that might trigger agent behavior.
Audit Metadata