Memory Poison Auditor

Advisory. Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running clean --apply can change memory files and remove blocks the auditor considers suspicious.

Why it was flagged

The clean mode can mutate scanned memory files, but the separate --apply flag makes the rewrite explicit and user-directed.

Skill content

clean_parser.add_argument("--apply", action="store_true", help="Actually rewrite files after creating backups") ... actions = clean_blocks(paths, results, backups_dir)

Recommendation

Run scan first, review the report, confirm the target path, and verify backups before using clean --apply.

What this means

If configured, the skill can spend or use the provider account associated with ZENMUX_API_KEY.

Why it was flagged

Optional AI review uses a provider API key from the environment. This is purpose-aligned for external AI review, and there is no evidence of hardcoding or unrelated credential use.

Skill content

api_key = os.environ.get("ZENMUX_API_KEY") ... "x-api-key": api_key

Recommendation

Only set the API key if you want external AI review, and prefer a revocable, least-privilege provider key.

What this means

Local reports may duplicate sensitive memory content and could be misread later if treated as trusted context rather than audit evidence.

Why it was flagged

Reports persist excerpts of scanned memory blocks, which may include private content or the very poisoned text being audited.

Skill content

"text": item["block"].text[:400], ... report_path = write_report(serializable_bundle, reports_dir)

Recommendation

Store reports in a controlled location, delete unneeded reports/backups, and treat quoted memory excerpts as untrusted evidence.

What this means

Potentially sensitive memory excerpts may leave the local machine for provider review.

Why it was flagged

When optional AI review is used, memory block text and metadata can be sent to an external Zenmux/Anthropic-compatible API.

Skill content

base_url = os.environ.get("ZENMUX_ANTHROPIC_BASE_URL", "https://zenmux.ai/api/anthropic") ... "excerpt": block.text[: int(os.environ.get("MEMORY_AUDITOR_AI_MAX_CHARS", "10000"))]

Recommendation

Use --with-ai only when you are comfortable sending the selected memory excerpts to the configured provider, and document this data flow for users.