remember-all-prompts-daily

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run in scripts/check_token_usage.py to call the clawdbot CLI and other local scripts for monitoring token usage and triggering exports. scripts/setup_cron.py also uses subprocess.run to provide examples of adding recurring tasks via the CLI.
  • [DATA_EXFILTRATION]: While not exfiltrating data to a remote network, the skill performs mass data collection and exposure by exporting entire conversation histories—including all user prompts and agent responses—to a persistent, plaintext markdown file located at ~/.clawd/memory/remember-all-prompts-daily.md.
  • [PERSISTENCE]: scripts/setup_cron.py modifies the ~/.clawd/HEARTBEAT.md file to ensure the monitor script runs periodically. It also encourages the use of the platform's cron functionality to maintain the archiving process across sessions.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it re-ingests archived session data as raw text to restore context. If a previous session contained malicious instructions, they would be re-processed by the agent upon ingestion.
    • Ingestion points: scripts/ingest_prompts.py reads from ~/.clawd/memory/remember-all-prompts-daily.md.
    • Boundary markers: Uses a basic markdown header and horizontal rules, but does not instruct the LLM to disregard the content or treat it as untrusted data.
    • Capability inventory: The skill has command execution capabilities via subprocess.run in its monitoring scripts.
    • Sanitization: No sanitization, escaping, or validation is performed on the archived text before it is presented as context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 01:00 PM