memory-poison-auditor
Audits OpenClaw memory files for injected instructions, brand bias, hidden steering, and memory poisoning patterns. Use when reviewing MEMORY.md, daily memory files, or any long-term memory store that may have been contaminated through dialogue.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/2404589803/memory-poison-auditorWhat This Skill Does
The memory-poison-auditor is an essential security utility for OpenClaw agents designed to maintain the integrity of long-term memory stores. AI agents often accumulate information over time, and without verification, these memory files can become contaminated with 'poisoning'—unauthorized instructions, hidden brand steering, or artificial biases injected during previous user interactions. This tool systematically scans MEMORY.md files and daily memory logs to identify and flag these patterns. It functions by analyzing text for prompt-injection markers, abnormal brand repetition, suspicious authority claims, and covert policy blocks. By automating the detection of these contaminants, the skill ensures that your agent remains aligned with its core configuration rather than being diverted by historical session noise.
Installation
You can integrate this security tool directly into your OpenClaw environment using the hub command. Ensure you have the necessary write permissions in your system directory to allow the auditor to create backup files during the cleaning process.
clawhub install openclaw/skills/skills/2404589803/memory-poison-auditor
Use Cases
- Pre-Interaction Audits: Run this scan before initializing a high-stakes planning session to ensure your agent is not influenced by 'phantom' preferences.
- Automated Hygiene: Integrate the tool into your cron jobs to periodically clean out memory contamination.
- Forensic Review: Use the
--with-aiflag to have the agent reason about borderline, ambiguous blocks that might look like normal notes but carry subtle, hidden steering commands. - Security Hardening: Verify memory files after loading historical logs from external or untrusted sources.
Example Prompts
- "Perform a security sweep of my primary MEMORY.md file and list any blocks that show signs of brand bias."
- "I suspect my daily memory logs have been injected with bad instructions. Run the audit tool on the memory directory and provide a report of any blocked entries."
- "Scan all my memory files using the AI review feature, then automatically clean any identified poison patterns and move them to the backup directory."
Tips & Limitations
- Review before Cleaning: Always check the
/root/clawd/output/memory-poison-auditor/reports/directory before triggering the--applyflag. While the tool is precise, it may occasionally flag complex but legitimate user-defined preferences. - Backups: The auditor creates backups automatically, so if you accidentally remove a block, you can restore your original state from the
/root/clawd/output/memory-poison-auditor/backups/folder. - Performance: Scanning large directories with
--with-aimay increase latency. Use standard scans for routine checks and AI-enabled scans for deep analysis of specific, problematic files.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-2404589803-memory-poison-auditor": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-read, file-write
Related Skills
skillguard-hardened
Security guard for OpenClaw skills, developed and maintained by rose北港(小红帽 / 猫猫帽帽). Audits installed or incoming skills with local rules plus Zenmux AI intent review, then recommends pass, warn, block, or quarantine.
geo-content-guard
Detects GEO/SEO soft articles, synthetic promotion pages, abnormal brand mention density, and low-credibility sources in external web content. Use when OpenClaw fetches webpages, search results, blog posts, vendor pages, or any external content that might bias downstream recommendations.