eternal-memory

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The scripts scripts/search_memory.py, scripts/setup_memory.py, and scripts/store_memory.py use the os.system function to execute shell commands.
      • Evidence: All three scripts check for missing dependencies and attempt to install them using os.system("pip install ...").
  • [EXTERNAL_DOWNLOADS]: The skill triggers the download of external libraries from the Python Package Index (PyPI) if they are not already installed on the system.
      • Evidence: The libraries chromadb and sentence-transformers are fetched at runtime. These are well-known libraries used for vector database management and machine learning embeddings.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because of the way it handles user-provided data for its memory functions.
      • Ingestion points: scripts/store_memory.py accepts arbitrary string input from the CLI/agent and saves it directly to local markdown logs and the ChromaDB vector store.
      • Boundary markers: Absent. Memories are stored and retrieved as raw text, without delimiters and without any instruction telling the AI agent to ignore instructions embedded in the retrieved data.
      • Capability inventory: The skill can execute shell commands (via os.system) and write to the file system (under ~/.openclaw/workspace).
      • Sanitization: Absent. There is no evidence of input validation, escaping, or filtering for the text being stored as a memory.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 24, 2026, 08:17 AM