openclaw-history-ingest

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses sensitive personal data stored in ~/.openclaw, including agent memory and conversation transcripts. While it includes explicit instructions to skip credential folders and redact sensitive identifiers, the process involves moving potentially private information into an Obsidian vault.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted data from past session logs and notes.
  • Ingestion points: ~/.openclaw/workspace/MEMORY.md and ~/.openclaw/agents/*/sessions/*.jsonl (SKILL.md)
  • Boundary markers: Not explicitly defined.
  • Capability inventory: Reads local history files and writes distilled insights to the Obsidian vault.
  • Sanitization: The skill instructs the agent to redact API keys/tokens and to summarize rather than quote raw content verbatim.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 06:12 AM
Security Audit — agent-trust-hub — openclaw-history-ingest