agent-memory-continuity

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill establishes a persistence mechanism by modifying the user's crontab to execute synchronization scripts periodically.
      • Evidence: scripts/activate-memory-sync.sh adds a cron job that runs scripts/sync-memory.sh every six hours.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to retrieve and follow context from historical log files that contain unsanitized user input.
      • Ingestion points: memory/*.md and MEMORY.md (referenced in AGENT_MEMORY_PROTOCOL.md).
      • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in retrieved memory.
      • Capability inventory: The agent has the ability to write to the filesystem, execute shell scripts via cron, and utilize the memory_search tool.
      • Sanitization: Absent; conversation content is appended directly to memory files without filtering or escaping.
  • [COMMAND_EXECUTION]: The installation process modifies filesystem permissions to enable script execution.
      • Evidence: install.sh uses chmod +x on all scripts within the scripts/ directory.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 09:19 AM