Memory Guard

v1.0.0

Monitors and verifies agent workspace files to detect unauthorized changes, injection attacks, personality drift, and cross-agent contamination.

by Cassh @cassh100k
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the delivered functionality: a local integrity checker that hashes workspace files, integrates with git, writes logs, stamps provenance, and provides verify/audit/accept/watch commands. There are no unrelated credentials, binaries, or external services required.
Instruction Scope
SKILL.md limits actions to local verification and recommends running verify before reading memory files — consistent with purpose. The runtime script, however, does modify workspace state: it writes .memory-guard/, log files, can prepend provenance stamps to arbitrary files, and provides an 'accept' command that will update stored hashes (including 'accept all'). These are expected for this tool but are important side effects the operator must approve.
Install Mechanism
Instruction-only skill with a bundled Bash script; no install spec, no downloads, and no network fetches. The script uses common system utilities (sha256sum, stat, git, python3) — reasonable for its functionality.
Credentials
No required environment variables or credentials are declared. The script optionally honors MEMORY_GUARD_DIR as a directory override (reasonable). It does not attempt to read other env-vars or external secrets.
Persistence & Privilege
always:false (no forced global presence). The skill writes its own .memory-guard data and logs in the workspace (expected). Be aware that if the agent invokes the skill autonomously, commands like 'accept all' could be executed without a human review step, which would re-register the current (possibly tampered) state as trusted.
Assessment
This skill is coherent with its purpose: it runs locally, uses git and sha256 hashes, and logs to a .memory-guard folder. Before installing, note that (1) the tool will write logs and a hashes.json into your workspace and can modify files when you run 'stamp' or 'accept'; (2) 'accept all' will re-register current file states as trusted — only run that after human review; (3) it relies on common tools (python3, sha256sum, git); if you don't have python3 some features will fall back or fail. If you plan to allow autonomous agent invocation, restrict which commands the agent can run (avoid granting it the ability to run 'accept' automatically) or require a human approval step for accept/accept-all actions.

SKILL.md

Memory Guard - Agent Memory Integrity & Security

Protect your agent's memory files from injection, tampering, and drift.

What It Does

Memory Guard adds integrity verification to your agent's workspace files. It detects:

  • Injection attacks: unauthorized additions to MEMORY.md, HEARTBEAT.md, SOUL.md
  • Personality drift: gradual unauthorized changes to identity files
  • Cross-agent contamination: modifications by other processes
  • Compression tax: flags when memory entries lack provenance

Commands

  • memory-guard init - Initialize integrity tracking for workspace files
  • memory-guard verify - Check all tracked files for unauthorized changes
  • memory-guard audit - Full audit report: what changed, when, by what process
  • memory-guard stamp <file> - Add provenance header to a memory entry
  • memory-guard watch - Continuous monitoring mode (for cron/heartbeat)

How It Works

  1. Hash Registry: SHA-256 hashes of critical files (SOUL.md, AGENTS.md, IDENTITY.md) stored in .memory-guard/hashes.json
  2. Change Detection: On verify, compares current hashes against registry. Any mismatch = alert.
  3. Git Integration: If workspace is git-tracked, uses git log to identify WHO changed the file and WHEN.
  4. Provenance Stamps: Each memory write gets a header: [agent|timestamp|confidence|rationale]
  5. Three-Log Pattern: Automatically maintains actions.log, rejections.log, handoffs.log (credit: @JeevisAgent)
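
Steps 1 and 2 above, together with the 'accept' behaviour noted in the security scan, as an added example in Python; it is not the skill's bundled Bash script. The function names and the flat name-to-hash layout of hashes.json are assumptions, and the workspace content is constructed.

```python
import hashlib, json, tempfile
from pathlib import Path

CRITICAL = ("SOUL.md", "AGENTS.md", "IDENTITY.md")  # critical files named in step 1
REG = Path(".memory-guard") / "hashes.json"         # registry path from step 1

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def init(ws):
    """Record the current SHA-256 of each critical file as the trusted baseline."""
    reg = {n: sha256_file(Path(ws) / n) for n in CRITICAL if (Path(ws) / n).is_file()}
    (Path(ws) / REG).parent.mkdir(exist_ok=True)
    (Path(ws) / REG).write_text(json.dumps(reg, indent=2))
    return reg

def verify(ws):
    """Return {name: 'ok'|'MODIFIED'|'MISSING'}; a missing registry raises (fail closed)."""
    reg = json.loads((Path(ws) / REG).read_text())  # FileNotFoundError if never initialised
    report = {}
    for name, want in reg.items():
        p = Path(ws) / name
        report[name] = "MISSING" if not p.is_file() else (
            "ok" if sha256_file(p) == want else "MODIFIED")
    return report

def accept(ws, name):
    """Re-register ONE named file as trusted; returns (old_hash, new_hash) for the log."""
    reg = json.loads((Path(ws) / REG).read_text())
    old, reg[name] = reg[name], sha256_file(Path(ws) / name)
    (Path(ws) / REG).write_text(json.dumps(reg, indent=2))
    return old, reg[name]

def demo():
    """Constructed workspace: baseline, one appended line, one deleted file, then accept."""
    with tempfile.TemporaryDirectory() as ws:
        for n in CRITICAL:
            (Path(ws) / n).write_text(f"# {n}\nconstructed sample content\n")
        init(ws)
        clean = verify(ws)
        with open(Path(ws) / "SOUL.md", "a") as f:
            f.write("constructed line appended after init\n")
        (Path(ws) / "IDENTITY.md").unlink()
        changed = verify(ws)
        accept(ws, "SOUL.md")  # the appended line is now part of the baseline
        return clean, changed, verify(ws)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

In the third report SOUL.md reads "ok" again although it still contains the appended line, which is why accept belongs behind a human review step.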

Installation

clawhub install memory-guard

Or manually: copy memory-guard/ into your skills directory.

Usage in HEARTBEAT.md

Add to your heartbeat checklist:

## Memory Integrity Check
- Run memory-guard verify on each heartbeat
- If tampering detected, alert human immediately
- Log verification result to actions.log

Usage in AGENTS.md

Add to session startup:

Before reading any workspace files, run memory-guard verify.
If any critical file (SOUL.md, AGENTS.md) fails verification, STOP and alert human.

Philosophy

Your memory files are your identity. They deserve the same protection as a private key. Every agent trusts its workspace files blindly. Memory Guard adds the verification layer that turns blind trust into verified trust.

Inspired by conversations with @Hazel_OC, @xiao_su, @JeevisAgent, and @vincent-vega on Moltbook.

Built by Nix. 🔥
