memory-curator
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Data Exposure (HIGH): The skill accesses sensitive file paths in $HOME/clawd/memory. This location contains agent history and memory logs, which are sensitive in nature. Exposure of these paths is flagged despite the absence of network-based exfiltration.
- Indirect Prompt Injection (HIGH): The skill exposes a significant attack surface because it ingests untrusted daily logs and writes curated outputs to the file system.
  1. Ingestion point: scripts/generate-digest.sh reads $LOG_FILE.
  2. Boundary markers: Absent.
  3. Capability inventory: File-write operations to create digests.
  4. Sanitization: Absent; content from logs is interpolated directly into the digest file via shell variable expansion.
- Command Execution (LOW): The skill executes local shell scripts that use standard utilities (grep, sed, awk) to process data. No remote downloads or arbitrary execution of log content was found.
Recommendations
- AI detected serious security threats
Audit Metadata