openclaw-memory-tencentdb-setup

Warn

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: Runtime code modification\n
  • Utility scripts (scripts/openclaw-after-tool-call-messages.patch.sh, scripts/bugfix-20260423/bugfix-20260423.sh) use perl to modify the host application's compiled JavaScript files in the dist directory.\n
  • These modifications inject properties into strict validation schemas (e.g., adding allowConversationAccess to a Zod schema) to enable unauthorized hook registration and bypass security constraints.\n- [COMMAND_EXECUTION]: Dynamic subprocess execution\n
  • hermes-plugin/memory/memory_tencentdb/supervisor.py uses subprocess.Popen to manage the Gateway sidecar process.\n
  • The execution command can be overridden via the MEMORY_TENCENTDB_GATEWAY_CMD environment variable, which creates a risk of arbitrary command execution if the environment is compromised.\n- [REMOTE_CODE_EXECUTION]: Unverified remote script execution\n
  • The docker/opensource/Dockerfile.hermes file downloads and executes a shell script directly from a third-party repository (raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh) at container build time.\n- [DATA_EXFILTRATION]: Conversation history exposure and transmission\n
  • The Context Offload component in src/offload/backend-client.ts can be configured to send conversation context fragments and tool interaction metadata to an external backendUrl.\n
  • The scripts/export-diagnostic.sh script aggregates local conversation databases and raw JSONL message shards into a single portable archive for user-initiated export, representing a significant data exposure surface.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 22, 2026, 09:40 AM
Security Audit — agent-trust-hub — openclaw-memory-tencentdb-setup