memory-qdrant
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches a pre-trained machine learning model (~25MB) from Hugging Face's official repository (huggingface.co) during the initial execution. This is a well-known service and the download is essential for local embedding generation as described in the documentation.
- [PROMPT_INJECTION]: Contains a potential indirect prompt injection surface as it ingests untrusted user data for later recall. However, it implements a robust evidence chain of mitigations:
  - Ingestion points: Messages are captured in the agent_end hook in index.js.
  - Boundary markers: Recalled memories are wrapped in <relevant-memories> tags with explicit instructions for the AI to ignore embedded commands.
  - Capability inventory: Limited to memory management tools (store, search, forget) with no arbitrary command execution.
  - Sanitization: The sanitizeInput function in index.js removes HTML tags and control characters from all stored text.
- [SAFE]: Implements a default privacy protection layer that uses regular expressions to detect and skip the automatic capture of PII, such as emails and phone numbers, unless the user explicitly enables the allowPIICapture configuration.
- [SAFE]: Data persistence is handled locally using the filesystem. Memories are saved to a user-controlled directory (~/.openclaw-memory/) in a standard JSON format, ensuring transparency and preventing unauthorized data exfiltration.
Audit Metadata