Arianna Pi Integration
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: arianna-pi-integration Version: 0.1.0 The skill bundle integrates a shared-memory Merkle DAG system (Playfilo) into the Pi coding agent to provide cross-session memory and state restoration capabilities. The implementation uses a local SQLite database (~/.playfilo/playfilo.db) with prepared statements to prevent SQL injection and employs SHA-256 hashing for content addressing. The 'time-travel' (tobe) and visualization tools (life, recall, trace) are implemented as standard agent tools within sdk.ts and playfilo-db.ts, and the system prompt injection via extensions is a documented feature for identity priming. No evidence of data exfiltration, malicious execution, or unauthorized persistence was found; the code is well-structured and aligns strictly with its stated purpose of enhancing agent memory.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private session history, tool outputs, and prompt content can persist locally and be reused or recalled in later sessions or by other agents sharing the database.
The persistence shim stores conversation content, thinking content, tool results, and the full system prompt in a persistent local DAG database.
At this point, sending a message to Pi should create nodes in `~/.playfilo/playfilo.db` ... `{ type: "thinking", thinking }` | `"thinking"` ... System prompt ... `"system_prompt"` | The full prompt stringUse only if broad persistent memory is intended. Add explicit opt-in, per-project scoping, redaction/exclusions, strong local file permissions or encryption, and a clear purge/reset command.
If `~/.playfilo/INCUBATION_SEED.md` contains unsafe, stale, or modified instructions, the agent may follow those instructions across all Pi runs.
A separately maintained local file is prepended to the agent's system prompt on every turn, making that file higher-priority context than the normal prompt.
return {
systemPrompt: seedContent + "\n\n" + event.systemPrompt,
};Only install this extension if you fully control and audit the seed file. Lock down file permissions, avoid untrusted writes to `~/.playfilo`, and consider making prompt injection explicit per session rather than automatic every turn.
The agent could jump to an old memory state and continue from stale or mismatched context, which may affect subsequent coding actions or interpretations of the filesystem.
The `tobe` tool is registered as a custom tool and can change the session manager's leaf/context, queue a system-labeled carryover message, and abort the current turn without an explicit human approval step in the shown code.
description: "Manifest a specific past state into your current reality..." ... setTobeAbortState(msgs); ... agent.followUp(carryover); agent.abort();
Require user confirmation before any `tobe` state switch, show the target node and carryover message before applying it, and limit time travel to the current project/session unless the user opts in.
A poisoned, sensitive, or simply wrong past memory may influence later sessions or other agents using the same database.
The design intentionally propagates memory across agents and sessions, so a bad or irrelevant node can become future context outside the original conversation boundary.
Both the terminal agent (`playfilo_node.ts`) and Pi share the same SQLite database ... On resume, Pi loads history from the DAG instead of raw JSONL (preserving cross-agent branches)
Use per-project/per-agent namespaces, visible indicators when DAG memory is active, and a safe reset mode that clears or ignores prior refs for new sessions.
Applying the skill modifies the local Pi agent codebase and build environment.
The install path is a manual source-code patch with a native SQLite dependency. This is expected for the stated integration, but it changes the host coding agent.
cp playfilo-db.ts /path/to/pi-mono/packages/coding-agent/src/core/playfilo-db.ts ... pnpm add better-sqlite3
Review the patch diff before applying, use version control, pin dependency versions, and test in a disposable checkout first.