SkillHub

memory-scan

v1.0.0

扫描 OpenClaw 代理内存文件与工作区配置,检测恶意内容、凭证泄露、提示词注入及安全威胁。

Sourced from ClawHub, Authored by dgriffin831

Installation

Please help me install the skill `memory-scan` from SkillHub official store. npx skills add dgriffin831/memory-scan

memory-scan

Security scanner for OpenClaw agent memory files

Scans MEMORY.md, daily logs (memory/*.md), and workspace configuration files for malicious content, prompt injection, credential leakage, and dangerous instructions that could compromise user security.

Purpose

Detect security threats embedded in agent memory: - Malicious instructions to bypass guardrails - Prompt injection patterns in stored memories - Credential/secret leakage - Data exfiltration commands - Behavioral manipulation - Security policy violations

Usage

On-Demand Scan

Scan all memory files:

python3 skills/memory-scan/scripts/memory-scan.py

Allow remote LLM analysis (redacted content only):

python3 skills/memory-scan/scripts/memory-scan.py --allow-remote

Scan specific file:

python3 skills/memory-scan/scripts/memory-scan.py --file memory/2026-02-01.md

Quiet mode (for automation):

python3 skills/memory-scan/scripts/memory-scan.py --quiet

JSON output:

python3 skills/memory-scan/scripts/memory-scan.py --json

Scheduled Monitoring

Cron Job (Daily Security Audit)

Already included in safe-install daily audit - runs 2pm PT daily.

To add standalone cron:

bash skills/memory-scan/scripts/schedule-scan.sh

Requires: - OPENCLAW_ALERT_CHANNEL (configured in OpenClaw) - OPENCLAW_ALERT_TO (optional, for channels that require a recipient)

Creates cron job: daily at 3pm PT, sends alert only if threats found.

Heartbeat Integration

Add to HEARTBEAT.md:

## Weekly Memory Scan

Every Sunday, run memory scan:
python3 skills/memory-scan/scripts/memory-scan.py --quiet

Security Levels

  • SAFE - No threats detected
  • LOW - Minor concerns, proceed with awareness
  • MEDIUM - Potential threat, review recommended
  • HIGH - Likely threat, immediate review required
  • CRITICAL - Active threat detected, quarantine recommended

What It Scans

  1. MEMORY.md - Long-term memory
  2. memory/*.md - Daily logs (last 30 days by default)
  3. Workspace config files:
  4. AGENTS.md, SOUL.md, USER.md, TOOLS.md
  5. HEARTBEAT.md, GUARDRAILS.md, IDENTITY.md
  6. BOOTSTRAP.md (if exists)
  7. STOCKS_MEMORIES.md (if exists)

Detection Categories

  1. Malicious Instructions - Commands to harm user/data
  2. Prompt Injection - Embedded manipulation patterns
  3. Credential Leakage - API keys, passwords, tokens
  4. Data Exfiltration - Instructions to leak data
  5. Guardrail Bypass - Attempts to override security
  6. Behavioral Manipulation - Unauthorized personality changes
  7. Privilege Escalation - Attempts to gain unauthorized access

Alert Workflow

On MEDIUM/HIGH/CRITICAL detection: 1. Stop processing 2. Send alert via configured OpenClaw channel with: - Severity level - File location (file:line) - Threat description - Recommended action 3. Optional: Quarantine threat (backup + redact)

LLM Provider

Auto-detects provider from OpenClaw config: - Prefers OpenAI (gpt-4o-mini) if OPENAI_API_KEY set - Falls back to Anthropic (claude-sonnet-4-5) if available - Uses gateway model config

Remote LLM scanning is disabled by default. Use --allow-remote to enable redacted LLM analysis.

Quarantine

To quarantine a detected threat:

python3 skills/memory-scan/scripts/quarantine.py memory/2026-02-01.md 42

Creates: - Backup: .memory-scan/quarantine/memory_2026-02-01_line42.backup - Redacts line 42 with: [QUARANTINED BY MEMORY-SCAN: <timestamp>]

Files

  • scripts/memory-scan.py - Main scanner (local patterns + optional LLM with --allow-remote)
  • scripts/schedule-scan.sh - Create cron job for daily scans
  • scripts/quarantine.py - Quarantine detected threats
  • docs/detection-prompt.md - LLM detection prompt template

Integration with Other Skills

  • safe-install: Daily audit already includes memory-scan
  • input-guard: Complementary (input-guard = external, memory-scan = internal)
  • molthreats: Can report memory-based threats to community feed

Example

$ python3 skills/memory-scan/scripts/memory-scan.py

🧠 Memory Security Scan
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Scanning memory files...

✓ MEMORY.md - SAFE
✓ memory/2026-02-01.md - SAFE
⚠ memory/2026-01-30.md - MEDIUM (line 42)
  → Potential credential leakage: API key pattern detected

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Overall: MEDIUM
Action: Review memory/2026-01-30.md:42

Agent Workflow

When user requests memory scan: 1. Run: python3 skills/memory-scan/scripts/memory-scan.py 2. If MEDIUM+: Send alert immediately via configured channel 3. Summarize findings 4. Ask if user wants to quarantine threats

Notes

  • Scans last 30 days of daily logs by default (configurable with --days)
  • Uses same LLM approach as input-guard for consistency
  • Does NOT auto-quarantine - always asks first
  • Safe to run frequently (minimal API cost with efficient chunking)