secondme-openclaw-key-memory
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: Accesses the local file
{baseDir}/.credentialsto retrieve an authentication token used for API requests to the vendor domainapp.mindos.com. This is a standard authentication mechanism for the author's own infrastructure. - [PROMPT_INJECTION]: The skill ingests user-provided content for long-term storage, creating a surface for indirect prompt injection. • Ingestion points: Data enters the system via the
contentfield in the memory insertion request. • Boundary markers: There are no explicit markers or instructions to isolate user content from system prompts. • Capability inventory: The skill is capable of external network communication for storage and retrieval operations. • Sanitization: No sanitization, validation, or filtering of the ingested content is defined.
Audit Metadata