hybrid-memory
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions utilize local shell scripts (
graphiti-search.shandgraphiti-log.sh) for searching and logging memory. These scripts are executed with user-provided strings as arguments, which presents a risk of command injection if the underlying scripts do not perform strict input validation.- [EXTERNAL_DOWNLOADS]: The skill documentation directs the user to an external GitHub repository (github.com/clawdbrunner/openclaw-graphiti-memory) for setup and implementation. Since this repository is not from a trusted organization or well-known service, it introduces a supply chain risk where the scripts or configuration could be malicious.- [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection by retrieving and acting upon data from a temporal knowledge graph that contains past conversations. - Ingestion points: Data is ingested through the
graphiti-search.shtool, which queries historical logs and conversation facts. - Boundary markers: The provided usage templates and
AGENTS.mdsnippets do not include delimiters or instructions for the agent to ignore potentially malicious commands embedded in the retrieved memory. - Capability inventory: The skill facilitates shell script execution and data retrieval from external databases.
- Sanitization: There is no evidence of sanitization or filtering of the retrieved memory content before it is processed by the agent's decision-making framework.
Audit Metadata