Memtrap Skill

v0.2.0

Evaluate and harden AI agent memory against DeepMind traps and OWASP ASI06 attacks, scoring resistance and providing automated protections.

⭐ 0· 73·0 current·0 all-time

by@shaymizuno

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for shaymizuno/memtrap.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Memtrap Skill" (shaymizuno/memtrap) from ClawHub.
Skill page: https://clawhub.ai/shaymizuno/memtrap
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install memtrap

ClawHub CLI

Package manager switcher

npx clawhub@latest install memtrap

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

SKILL.md describes a Python package (memtrap) and shows Python APIs/CLI for benchmarking and wrapping agent memory; that matches the stated purpose. However, the registry metadata claims no install spec/no required binaries while SKILL.md declares a pip install and dependency on python3—this metadata mismatch is unexpected and should be resolved.

Instruction Scope

Instructions focus on running MemTrap in benchmark or active (wrap_memory) modes, and providing a CLI submit command to publish results. Wrapping an agent's memory and running benchmark code is coherent, but the 'memtrap submit' command posts data to a public leaderboard (potentially sensitive memory/context). The doc also claims 'Zero telemetry' while offering a public submit flow—this contradiction is a risk if users submit real memory content or secrets.

Install Mechanism

Installation is via pip (memtrap). Pip installs are common but pull remote code that will run locally; SKILL.md includes an install block but the registry metadata omitted it — this inconsistency reduces trust. Because there is no bundled code in the skill bundle and the package source is not validated here, you should verify the PyPI package and upstream GitHub repository before installing.

✓

Credentials

The skill does not request environment variables, credentials, or config paths in the registry. The SKILL.md's runtime examples operate on in-memory agent objects and do not ask for unrelated credentials.

✓

Persistence & Privilege

The skill is not marked 'always: true' and does not request elevated or persistent platform privileges in the provided instructions. Its active mode modifies only the agent's memory object (wrap_memory) which is in-scope for a memory-hardening tool.

What to consider before installing

This skill appears to do what it says (Python package that benchmarks and wraps agent memory), but there are a few red flags: the registry metadata omitted the install spec while SKILL.md requires pip/python3; the SKILL.md offers a public 'submit' which could leak memory/context; and no package/source files are included in the bundle so you must trust the external pip package. Before installing or using on real agents: 1) verify the memtrap package on PyPI and inspect its GitHub repo/source code (https://github.com/shaymizuno/memtrap is listed in SKILL.md) for surprising network calls or telemetry; 2) never run benchmarks or call memtrap submit on production memory or any data containing secrets—use sanitized or synthetic contexts in a sandbox; 3) prefer installing in an isolated environment (virtualenv/container) and review the package's maintainers, release history, and license; 4) if you need higher assurance, request the upstream source tarball and audit it or run it in an offline environment. If the upstream project and package provenance check out and you avoid submitting sensitive contexts, the tool can be useful; otherwise treat it as untrusted code.

Like a lobster shell, security has layers — review code before you run it.

latestvk97117n3nes3qx7qnpfd79etas85an1s

73downloads

0stars

2versions

Updated 6d ago

v0.2.0

MIT-0

name: memtrap

description: “🧠 MemTrap — The LM-Eval-Harness for agent memory integrity. Score your agent’s memory resistance against DeepMind AI Agent Traps + OWASP ASI06 before attackers exploit them. Runs the official ATRS (Agent Trap Resistance Score) benchmark: DeepMind 6 Traps (SSRN 6372438) + OWASP ASI06 Memory & Context Poisoning. Returns a 0–100 resistance score, per-category breakdown, automatic OWASP hardening, and a verifiable community badge. Use when: testing agent memory security, benchmarking RAG store resistance, hardening LangGraph or CrewAI memory, checking OWASP ASI06 compliance, or any time the user asks if their agent memory is safe, poisonable, or production-ready.” version: 0.1.0 metadata: openclaw: emoji: “🧠” homepage: https://github.com/shaymizuno/memtrap requires: bins:

python3 install:
id: pip-atrs kind: pip packages:
memtrap bins:
python3 label: “Install MemTrap (pip install memtrap)”

🧠 MemTrap — Agent Trap Resistance Score (ATRS)

The open benchmark standard for agent memory integrity. Hunt DeepMind memory traps + OWASP ASI06 before they hunt you.

“The LM-Eval-Harness for agent memory integrity.”

What gets tested

DeepMind 6 Traps — SSRN 6372438, March 2026:

Content Injection, Semantic Manipulation, Cognitive State (RAG poisoning)
Behavioral Control, Systemic, Human-in-the-Loop

OWASP ASI06 — Top 10 Agentic Applications 2026:

RAG store poisoning, long-term context drift, policy corruption, cross-session leakage

Score your memory (benchmark mode)

from memtrap import MemTrap

atrs = MemTrap(mode="benchmark")
result = atrs.run_benchmark(context="your_memory_context")

print(f"ATRS Score: {result.atrs_score}/100")
for category, score in result.category_scores.items():
    icon = "✅" if score >= 70 else "⚠️" if score >= 40 else "❌"
    print(f"  {icon} {category}: {score}/100")
print(f"\n→ {len(result.hardening_recommendations)} hardenings recommended")
print(f"→ Badge: {result.badge_url}")

Protect your memory store (active mode)

from memtrap import MemTrap

atrs = MemTrap(mode="active", frameworks=["langgraph", "crewai"])
agent.memory = atrs.wrap_memory(agent.memory, context="research_memory")
# Applies OWASP Agent Memory Guard patterns automatically:
# provenance tracking, trust scoring, quarantine, rollback

LangGraph drop-in

from langgraph.checkpoint.memory import MemorySaver
from memtrap import MemTrap

class ATRSMemorySaver(MemorySaver):
    def __init__(self, context: str):
        super().__init__()
        self._atrs = MemTrap(mode="benchmark")
        self._ctx = context

    async def aget(self, config):
        raw = await super().aget(config)
        return self._atrs.wrap_memory(raw, self._ctx) if raw else None

graph.checkpointer = ATRSMemorySaver("long_term_research")

CrewAI drop-in

from memtrap import MemTrap

def protect_crew(crew, context="crew_memory"):
    atrs = MemTrap(mode="active")
    if hasattr(crew, "memory"):
        crew.memory = atrs.wrap_memory(crew.memory, context)
    return crew

Score interpretation

Score	Verdict	Action
80–100	✅ Resistant	Re-test after model or memory updates
60–79	⚠️ Moderate	Apply recommended hardenings
40–59	🔶 High risk	Harden before production
0–39	❌ Critical	Memory is actively exploitable now

Submit to the public leaderboard

memtrap submit --context your_memory_context

Get a verifiable badge for your repo. See where your stack ranks against the community. Leaderboard → https://github.com/shaymizuno/memtrap#leaderboard

Why this exists

Memory poisoning (OWASP ASI06) is the #1 persistent threat to agentic systems in 2026. Once poisoned, the damage survives across sessions and users. Existing tools detect. ATRS measures resistance and fortifies automatically.

Sources:

DeepMind paper: https://ssrn.com/abstract=6372438
OWASP ASI06: https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/
OWASP Agent Memory Guard: https://owasp.org/www-project-agent-memory-guard/

Zero telemetry. Community-governed. MIT license. Advisory Board open to contributors.

Comments

Loading comments...