add-compact
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches code updates and new functionality directly from the vendor's official GitHub repository (qwibitai/nanoclaw).
- [REMOTE_CODE_EXECUTION]: Code merged from the remote repository is executed during the build and testing phases using standard development tools like npm.
- [COMMAND_EXECUTION]: Performs system-level operations including project compilation, unit testing, and service restarts via command-line utilities such as npm, git, and launchctl or systemctl.
- [PROMPT_INJECTION]: Implements a surface for indirect prompt injection by monitoring user messages for the '/compact' command.
  1. Ingestion points: Incoming messages processed in src/index.ts.
  2. Boundary markers: The command is identified by an explicit leading slash prefix.
  3. Capability inventory: Triggers session-wide memory compaction through the Claude Agent SDK and archives logs to the local filesystem.
  4. Sanitization: Includes authorization logic in src/session-commands.ts that restricts command execution to the device owner or members of the trusted main group.