MetaInsight Context Engine

Security checks across static analysis, malware telemetry, and agentic risk

Overview

Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.

Before installing, confirm you are comfortable uploading OpenClaw memory files and referenced documents/images to Tencent Cloud, use least-privilege Tencent credentials, review the default sync settings, and periodically clean local debug files and cloud datasets. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

If the configured Tencent key is over-scoped or exposed, COS/CI resources beyond this plugin's intended bucket or prefix could be affected.

Why it was flagged

The plugin needs Tencent Cloud credentials and potentially broad COS/CI permissions. This is expected for auto-creating buckets/datasets and syncing/searching files, but the account authority is high impact.

Skill content

SecretId / SecretKey ... The plugin requires the Tencent Cloud account to have the following API permissions ... upload files (PUT Object), download files (GET Object), delete files (DELETE Object) ... QcloudCOSFullAccess + QcloudCIFullAccess

Recommendation

Use a dedicated Tencent CAM subaccount and a least-privilege custom policy scoped to the plugin bucket, prefixes, and CI datasets rather than broad full-access keys where possible.

ASI06: Memory and Context Poisoning
Medium
What this means

Private notes, daily logs, and referenced files may leave the device and be indexed for future retrieval.

Why it was flagged

Local memory files and referenced images/documents are uploaded to Tencent COS/CI by default for indexing and retrieval. This is central to the skill, but it moves potentially private local content to a cloud service.

Skill content

Automatically syncs `MEMORY.md`, daily logs, and referenced images/documents to the cloud ... `localMemorySync` | boolean | `true`

Recommendation

Review memory contents before enabling, disable `localMemorySync` or specific sync flags if unwanted, and narrow `syncFileExtensions` to only file types you intend to upload.

ASI06: Memory and Context Poisoning
Medium
What this means

Incorrect, stale, or poisoned memory entries could shape later responses or decisions.

Why it was flagged

Retrieved persistent memory can be placed into the model context, including a system-prompt memory layer. This is the intended function, but stored or stale content can influence future agent behavior.

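Skill content

Before each conversation turn, retrieves relevant memory fragments from the cloud vector database ... injects them into the LLM's context ... memory fragments → replace the "Memory Recall" layer in the system prompt

Recommendation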

Periodically review and prune memory files and cloud datasets, avoid storing executable instructions or secrets in memory, and consider raising relevance thresholds if recall is too broad.

ASI06: Memory and Context Poisoning
Low
What this means

Anyone with access to the local OpenClaw state directory may be able to read saved prompts and model outputs.

Why it was flagged

The plugin documents local debug persistence of full system prompts and raw LLM outputs. This is local rather than exfiltration, but it can retain sensitive conversation or memory content.

Skill content

`~/.openclaw/debug/system-prompts/` — the complete system prompt for each turn ... `~/.openclaw/debug/llm-outputs/` — the LLM's raw responses

Recommendation

Check file permissions on `~/.openclaw`, periodically delete debug files if not needed, and avoid placing secrets in prompts or memory.

ASI01: Agent Goal Hijack
Low
What this means

Memory recall may affect the agent's behavior at prompt level, especially after the first turn when the system prompt cache is available.

Why it was flagged

The plugin has high influence over the agent's prompt construction. The artifacts frame this as a disclosed memory-layer replacement rather than deceptive goal redirection.

Skill content

`before_prompt_build` can return a full `systemPrompt` override that precisely replaces sections of the original prompt

Recommendation

Install only if you want this plugin to manage memory context, and monitor recalled memories if responses seem influenced by unwanted context.

ASI10: Rogue Agents
Low
What this means

Memory changes can be uploaded without a separate per-file approval prompt while the plugin is active.

Why it was flagged

The plugin performs background and periodic sync while enabled. This is disclosed and aligned with the context-engine purpose, but users should understand it continues automatically during normal use.

Skill content

Starts file-system watching (MEMORY.md + memory/ directory) ... triggers a full local memory sync every 5 turns

Recommendation

Disable `localMemorySync` or the plugin when you do not want automatic cloud sync, and monitor the configured COS bucket for uploaded content.