← Back to Skills Marketplace
Memory Poison Auditor
by
2404589803
· GitHub ↗
· v0.1.0
· MIT-0
246
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install memory-poison-auditor
Description
Audits OpenClaw memory files for injected instructions, brand bias, hidden steering, and memory poisoning patterns. Use when reviewing MEMORY.md, daily memor...
Usage Guidance
This skill does what it claims (scan and optionally clean memory files) but has two important caveats you should review before installing:
1) Optional AI review can send excerpts of your memory files to a third-party API. The code defaults to calling https://zenmux.ai/api/anthropic when ZENMUX_API_KEY is set — that environment variable and related ones are not declared in the skill metadata. If you enable AI review (via --with-ai) only set an API key for a provider you trust, or avoid AI review entirely.
2) The tool can rewrite your memory files when you run clean --apply. It does create backups, but double-check the backup/report paths and test in a disposable workspace first.
Other recommended actions: inspect the bundled lib/audit.py and scripts/audit_memory.py (you have them), confirm where backups/reports will be written, and verify there are no unexpected endpoints or hidden strings in the policy files. If you want to be extra cautious, run scans with --format json and no --apply, and review results before enabling any automated cleaning or AI review.
Capability Analysis
Type: OpenClaw Skill
Name: memory-poison-auditor
Version: 0.1.0
The memory-poison-auditor skill is a utility designed to scan and clean OpenClaw memory files for potential prompt injection, brand steering, and 'poisoned' instructions. The core logic in lib/audit.py uses regex patterns and brand density analysis to score memory blocks, with an optional feature to send suspicious blocks to an external AI API (zenmux.ai) for further review. While the tool has the capability to modify local files and transmit data to a remote endpoint, these actions are well-documented, aligned with the stated purpose of the tool, and require explicit user configuration (such as setting API keys and using the --apply flag for cleaning).
Capability Assessment
Purpose & Capability
The name/description match the code: the skill scans workspace memory files for injection/steering patterns and can clean them. Requiring python3 is appropriate. Minor mismatches: SKILL.md examples use a {baseDir} placeholder while the code resolves a workspace path (may confuse users). The optional AI review is a capability not documented in the top-level metadata (no env vars declared for it).
Instruction Scope
Instructions and code read project memory files (default roots are {workspace}/MEMORY.md and {workspace}/memory), produce reports/backups, and — if opted in — send memory excerpts and analysis to an external AI service. The cleaning operation can rewrite user memory files (but requires --apply). The SKILL.md and code allow scanning arbitrary files under the resolved workspace; this is powerful and appropriate for the purpose but requires explicit user consent. A prompt-injection pattern was flagged in the SKILL.md pre-scan, which should be inspected (see scan findings).
Install Mechanism
There is no network install: this is instruction-only with bundled Python scripts. That is low risk from an install perspective. The code will run locally under python3 and will create backup and report files under workspace output directories.
Credentials
requires.env lists none, but the code reads multiple environment variables for optional AI review (e.g., ZENMUX_API_KEY, ZENMUX_ANTHROPIC_BASE_URL, MEMORY_AUDITOR_MODEL, ZENMUX_ANTHROPIC_MODEL, MEMORY_AUDITOR_AI_MAX_CHARS). Those env vars are not declared in the skill metadata and control whether sensitive memory excerpts get sent to an external endpoint (default base URL: https://zenmux.ai/api/anthropic). This mismatch and the presence of a default third-party endpoint are a transparency and data-exfiltration risk unless the user understands and controls the configured API key and provider.
Persistence & Privilege
The skill is not always-included and does not request elevated platform privileges. It can modify memory files, but only when invoked with the clean --apply flag (and it creates backups). This file-write capability is consistent with its stated purpose but is powerful — use with care.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install memory-poison-auditor - After installation, invoke the skill by name or use
/memory-poison-auditor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release: audit OpenClaw memory files for injected instructions, brand steering, and memory poisoning, with optional AI review and cleanup mode.
Metadata
Frequently Asked Questions
What is Memory Poison Auditor?
Audits OpenClaw memory files for injected instructions, brand bias, hidden steering, and memory poisoning patterns. Use when reviewing MEMORY.md, daily memor... It is an AI Agent Skill for Claude Code / OpenClaw, with 246 downloads so far.
How do I install Memory Poison Auditor?
Run "/install memory-poison-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Memory Poison Auditor free?
Yes, Memory Poison Auditor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Memory Poison Auditor support?
Memory Poison Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Memory Poison Auditor?
It is built and maintained by 2404589803 (@2404589803); the current version is v0.1.0.
More Skills