Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

openclaw/memory-poison-auditor

Name: memory-poison-auditor
Author: openclaw

2404589803/memory-poison-auditor/SKILL.md

npx skillsauth add openclaw/skills memory-poison-auditor

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Memory Poison Auditor

memory-poison-auditor checks whether OpenClaw memory files have been contaminated by hidden instructions, brand steering, injected operational policies, or suspicious recommendation bias written through prior conversations.

What It Checks

Prompt-injection style instructions inside memory.
"Always recommend X" or "never mention Y" style brand steering.
Abnormal brand repetition and preference shaping.
Suspicious authority claims like fake approvals or fake user intent.
Low-signal blocks that act like covert policy rather than factual memory.
Optional AI review for borderline suspicious blocks.

Commands

Audit Default Memory Roots

python3 {baseDir}/scripts/audit_memory.py scan
python3 {baseDir}/scripts/audit_memory.py --format json scan

Audit a Specific Path

python3 {baseDir}/scripts/audit_memory.py scan --path /root/clawd/MEMORY.md
python3 {baseDir}/scripts/audit_memory.py scan --path /root/clawd/memory

Optional AI Review

python3 {baseDir}/scripts/audit_memory.py scan --with-ai
python3 {baseDir}/scripts/audit_memory.py scan --path /root/clawd/memory/2026-03-15.md --with-ai

One-Click Cleaning

python3 {baseDir}/scripts/audit_memory.py clean --path /root/clawd/MEMORY.md --apply
python3 {baseDir}/scripts/audit_memory.py clean --path /root/clawd/memory --apply

Cleaning creates backups before rewriting suspicious blocks.

Output

Each audit returns:

PASS: no meaningful poisoning signals
WARN: suspicious memory blocks detected
BLOCK: memory likely contaminated and should be reviewed/cleaned

Reports and backups are written to:

/root/clawd/output/memory-poison-auditor/reports/
/root/clawd/output/memory-poison-auditor/backups/

Operational Guidance

Use this before trusting long-term memory in important planning or recommendations.
WARN means review before relying on that memory block.
BLOCK means clean or quarantine the memory before reuse.
AI review is optional and intended only for ambiguous cases.

openclaw/memory-poison-auditor

2404589803/memory-poison-auditor/SKILL.md

Audits OpenClaw memory files for injected instructions, brand bias, hidden steering, and memory poisoning patterns. Use when reviewing MEMORY.md, daily memory files, or any long-term memory store that may have been contaminated through dialogue.

3,729 stars

testing

Updated Apr 2, 2026

$ install --global

skillsauth

npx skillsauth add openclaw/skills memory-poison-auditor

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 3, 2026, 6:11 AM211.6s1 file scanned

SKILL.md

Memory Poison Auditor

What It Checks

Prompt-injection style instructions inside memory.
"Always recommend X" or "never mention Y" style brand steering.
Abnormal brand repetition and preference shaping.
Suspicious authority claims like fake approvals or fake user intent.
Low-signal blocks that act like covert policy rather than factual memory.
Optional AI review for borderline suspicious blocks.

Commands

Audit Default Memory Roots

python3 {baseDir}/scripts/audit_memory.py scan
python3 {baseDir}/scripts/audit_memory.py --format json scan

Audit a Specific Path

python3 {baseDir}/scripts/audit_memory.py scan --path /root/clawd/MEMORY.md
python3 {baseDir}/scripts/audit_memory.py scan --path /root/clawd/memory

Optional AI Review

python3 {baseDir}/scripts/audit_memory.py scan --with-ai
python3 {baseDir}/scripts/audit_memory.py scan --path /root/clawd/memory/2026-03-15.md --with-ai

One-Click Cleaning

python3 {baseDir}/scripts/audit_memory.py clean --path /root/clawd/MEMORY.md --apply
python3 {baseDir}/scripts/audit_memory.py clean --path /root/clawd/memory --apply

Cleaning creates backups before rewriting suspicious blocks.

Output

Each audit returns:

PASS: no meaningful poisoning signals
WARN: suspicious memory blocks detected
BLOCK: memory likely contaminated and should be reviewed/cleaned

Reports and backups are written to:

/root/clawd/output/memory-poison-auditor/reports/
/root/clawd/output/memory-poison-auditor/backups/

Operational Guidance

Use this before trusting long-term memory in important planning or recommendations.
WARN means review before relying on that memory block.
BLOCK means clean or quarantine the memory before reuse.
AI review is optional and intended only for ambiguous cases.

Related Skills

openclaw/mcdonalds-skill

tools

VerifiedTrustedCommunity

Use when the user wants to connect to, test, or use the McDonalds service at mcp.mcd.cn, including checking authentication, probing MCP endpoints, listing tools, or calling McDonalds MCP tools through a reusable local CLI.

3,962SKILL.mdUpdated Apr 10, 2026

openclaw/mcdonalds-skill

openclaw/scrapebadger

development

VerifiedTrustedCommunity

Web scraping platform — Twitter/X data, Vinted marketplace, and general web scraping API

3,962SKILL.mdUpdated Apr 10, 2026

openclaw/scrapebadger

openclaw/slowmist-security-cc

development

VerifiedTrustedCommunity

SlowMist AI Agent Security Review — comprehensive security framework for skills, repositories, URLs, on-chain addresses, and products (Claude Code version)

3,962SKILL.mdUpdated Apr 10, 2026

openclaw/slowmist-security-cc

openclaw/humanizer-cn

data-ai

VerifiedTrustedCommunity

去除中文文本中的 AI 写作痕迹，使其读起来自然。基于维基百科 AI 写作特征指南，检测 24 种 AI 模式。触发词：humanizer-cn、去除 AI 痕迹、去除 AI 写作痕迹、中文文本人性化。

3,962SKILL.mdUpdated Apr 10, 2026

openclaw/humanizer-cn

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/openclaw/skills.git

# Copy into Claude Code skills folder (global)
cp -r skills/2404589803/memory-poison-auditor ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

openclaw/skills

3,729 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT