Skills
skills/stewnight/rem-sleep-skill/rem-sleep/Gen Agent Trust Hub

rem-sleep

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (HIGH): The skill encourages users to download and execute a bash script ('gather-sessions.sh') from an untrusted GitHub repository (stewnight/rem-sleep-skill). This allows the script owner to run arbitrary code on the host system.
  • Indirect Prompt Injection (LOW): The workflow processes raw conversation logs (~/.openclaw/agents/main/sessions/*.jsonl) to consolidate long-term memory. Malicious content within those logs could influence the AI during the summarization process.
  • Ingestion points: Session logs files in scripts/gather-sessions.sh and SKILL.md.
  • Boundary markers: Absent; no delimiters are used to separate log content from instructions.
  • Capability inventory: The skill executes shell scripts and modifies local files (MEMORY.md).
  • Sanitization: Absent; the script passes raw log content to the agent.
  • Command Execution (MEDIUM): The 'gather-sessions.sh' script performs directory searches and file manipulation using system binaries and attempts to execute an external application ('Repo Prompt').
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/stewnight/rem-sleep-skill/main/scripts/gather-sessions.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:26 PM