openclaw-memory-tencentdb-setup
Warn
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: Runtime code modification\n
- Utility scripts (
scripts/openclaw-after-tool-call-messages.patch.sh,scripts/bugfix-20260423/bugfix-20260423.sh) useperlto modify the host application's compiled JavaScript files in thedistdirectory.\n - These modifications inject properties into strict validation schemas (e.g., adding
allowConversationAccessto a Zod schema) to enable unauthorized hook registration and bypass security constraints.\n- [COMMAND_EXECUTION]: Dynamic subprocess execution\n hermes-plugin/memory/memory_tencentdb/supervisor.pyusessubprocess.Popento manage the Gateway sidecar process.\n- The execution command can be overridden via the
MEMORY_TENCENTDB_GATEWAY_CMDenvironment variable, which creates a risk of arbitrary command execution if the environment is compromised.\n- [REMOTE_CODE_EXECUTION]: Unverified remote script execution\n - The
docker/opensource/Dockerfile.hermesfile downloads and executes a shell script directly from a third-party repository (raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh) at container build time.\n- [DATA_EXFILTRATION]: Conversation history exposure and transmission\n - The
Context Offloadcomponent insrc/offload/backend-client.tscan be configured to send conversation context fragments and tool interaction metadata to an externalbackendUrl.\n - The
scripts/export-diagnostic.shscript aggregates local conversation databases and raw JSONL message shards into a single portable archive for user-initiated export, representing a significant data exposure surface.
Audit Metadata