memoclaw
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires a wallet private key (`MEMOCLAW_PRIVATE_KEY`) for authentication and micropayments. It stores this sensitive credential locally in `~/.memoclaw/config.json` after running the initialization command.
- [EXTERNAL_DOWNLOADS]: Recommends global installation of the `memoclaw` package from NPM. The CLI includes an `upgrade` command that allows it to check for and install updates directly from the vendor's infrastructure.
- [COMMAND_EXECUTION]: The skill relies extensively on the `exec` tool to run CLI commands for storing, recalling, and managing memories. It also provides commands to modify shell profile files (`~/.bashrc`, `~/.zshrc`) to enable command-line completions.
- [DATA_EXFILTRATION]: The core functionality involves transmitting user-provided text, conversation history, and local file contents (via the `--file` and `migrate` commands) to the remote API at `api.memoclaw.com`. The skill includes clear warnings to avoid storing secrets in this service.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data from an external source.
  - Ingestion points: Untrusted data enters the agent context through the `memoclaw recall`, `memoclaw core`, and `memoclaw context` commands in `SKILL.md`.
  - Boundary markers: No specific boundary markers or "ignore instructions" warnings are defined for the retrieved memory content.
  - Capability inventory: The skill has `exec` capabilities to run shell commands and access the filesystem via the `memoclaw` CLI.
  - Sanitization: No sanitization or validation of the retrieved memory content is described before it is interpolated into the agent's prompt.
Audit Metadata