openclaw-history-ingest
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive personal data stored in
~/.openclaw, including agent memory and conversation transcripts. While it includes explicit instructions to skip credential folders and redact sensitive identifiers, the process involves moving potentially private information into an Obsidian vault. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted data from past session logs and notes.
- Ingestion points:
~/.openclaw/workspace/MEMORY.mdand~/.openclaw/agents/*/sessions/*.jsonl(SKILL.md) - Boundary markers: Not explicitly defined.
- Capability inventory: Reads local history files and writes distilled insights to the Obsidian vault.
- Sanitization: The skill instructs the agent to redact API keys/tokens and to summarize rather than quote raw content verbatim.
Audit Metadata