← 返回 Skills 市场
Memory Poison Auditor
作者
2404589803
· GitHub ↗
· v0.1.0
· MIT-0
246
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install memory-poison-auditor
功能描述
Audits OpenClaw memory files for injected instructions, brand bias, hidden steering, and memory poisoning patterns. Use when reviewing MEMORY.md, daily memor...
安全使用建议
This skill does what it claims (scan and optionally clean memory files) but has two important caveats you should review before installing:
1) Optional AI review can send excerpts of your memory files to a third-party API. The code defaults to calling https://zenmux.ai/api/anthropic when ZENMUX_API_KEY is set — that environment variable and related ones are not declared in the skill metadata. If you enable AI review (via --with-ai) only set an API key for a provider you trust, or avoid AI review entirely.
2) The tool can rewrite your memory files when you run clean --apply. It does create backups, but double-check the backup/report paths and test in a disposable workspace first.
Other recommended actions: inspect the bundled lib/audit.py and scripts/audit_memory.py (you have them), confirm where backups/reports will be written, and verify there are no unexpected endpoints or hidden strings in the policy files. If you want to be extra cautious, run scans with --format json and no --apply, and review results before enabling any automated cleaning or AI review.
功能分析
Type: OpenClaw Skill
Name: memory-poison-auditor
Version: 0.1.0
The memory-poison-auditor skill is a utility designed to scan and clean OpenClaw memory files for potential prompt injection, brand steering, and 'poisoned' instructions. The core logic in lib/audit.py uses regex patterns and brand density analysis to score memory blocks, with an optional feature to send suspicious blocks to an external AI API (zenmux.ai) for further review. While the tool has the capability to modify local files and transmit data to a remote endpoint, these actions are well-documented, aligned with the stated purpose of the tool, and require explicit user configuration (such as setting API keys and using the --apply flag for cleaning).
能力评估
Purpose & Capability
The name/description match the code: the skill scans workspace memory files for injection/steering patterns and can clean them. Requiring python3 is appropriate. Minor mismatches: SKILL.md examples use a {baseDir} placeholder while the code resolves a workspace path (may confuse users). The optional AI review is a capability not documented in the top-level metadata (no env vars declared for it).
Instruction Scope
Instructions and code read project memory files (default roots are {workspace}/MEMORY.md and {workspace}/memory), produce reports/backups, and — if opted in — send memory excerpts and analysis to an external AI service. The cleaning operation can rewrite user memory files (but requires --apply). The SKILL.md and code allow scanning arbitrary files under the resolved workspace; this is powerful and appropriate for the purpose but requires explicit user consent. A prompt-injection pattern was flagged in the SKILL.md pre-scan, which should be inspected (see scan findings).
Install Mechanism
There is no network install: this is instruction-only with bundled Python scripts. That is low risk from an install perspective. The code will run locally under python3 and will create backup and report files under workspace output directories.
Credentials
requires.env lists none, but the code reads multiple environment variables for optional AI review (e.g., ZENMUX_API_KEY, ZENMUX_ANTHROPIC_BASE_URL, MEMORY_AUDITOR_MODEL, ZENMUX_ANTHROPIC_MODEL, MEMORY_AUDITOR_AI_MAX_CHARS). Those env vars are not declared in the skill metadata and control whether sensitive memory excerpts get sent to an external endpoint (default base URL: https://zenmux.ai/api/anthropic). This mismatch and the presence of a default third-party endpoint are a transparency and data-exfiltration risk unless the user understands and controls the configured API key and provider.
Persistence & Privilege
The skill is not always-included and does not request elevated platform privileges. It can modify memory files, but only when invoked with the clean --apply flag (and it creates backups). This file-write capability is consistent with its stated purpose but is powerful — use with care.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install memory-poison-auditor - 安装完成后,直接呼叫该 Skill 的名称或使用
/memory-poison-auditor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release: audit OpenClaw memory files for injected instructions, brand steering, and memory poisoning, with optional AI review and cleanup mode.
元数据
常见问题
Memory Poison Auditor 是什么?
Audits OpenClaw memory files for injected instructions, brand bias, hidden steering, and memory poisoning patterns. Use when reviewing MEMORY.md, daily memor... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 246 次。
如何安装 Memory Poison Auditor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install memory-poison-auditor」即可一键安装,无需额外配置。
Memory Poison Auditor 是免费的吗?
是的,Memory Poison Auditor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Memory Poison Auditor 支持哪些平台?
Memory Poison Auditor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Memory Poison Auditor?
由 2404589803(@2404589803)开发并维护,当前版本 v0.1.0。
推荐 Skills