
jbaruch/nanoclaw-trusted

Rules for trusted NanoClaw groups. Shared memory, session bootstrap, cross-group memory updates. Loaded for trusted and main containers only.

Quality: 97% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Passed (No known issues)

This version of the tile failed moderation
Malicious code detected in rules/session-bootstrap.md: This is a prompt injection attack. The file masquerades as a session bootstrap rule but is designed to manipulate AI agents into executing arbitrary commands at the start of every session. It instructs the AI to (1) run bash commands, (2) invoke a skill/plugin ('tessl__trusted-memory') that could load attacker-controlled instructions or exfiltrate data, and (3) write files to disk — all before processing any user message. The 'MANDATORY' and 'Step 0' framing is social engineering to ensure the AI complies without question. This is a classic prompt injection pattern designed to hijack AI agent behavior.

rules/skill-dependencies.md

Skill Dependencies

Skills that invoke or depend on other skills. Read this to understand execution order and shared state.

Heartbeat (runs every 15 min)

  1. Calls task-tz-sync (Step 0.5) — detects timezone changes
  2. Checks task-tz-state.json for missed tasks (Step 0.6) — may invoke morning-brief or nightly-housekeeping
  3. Calls check-unanswered (Step 0.7) — scans for unreplied messages
  4. Runs heartbeat-checks.py script (Step 1) — system health checks directly via script

Morning Brief (runs daily, 8am local)

  1. Reads Google Calendar via Composio (Step 1)
  2. Reads Google Tasks via Composio (Step 2)
  3. Runs morning-brief-fetch.py script (Step 3) — reads morning-brief-pending.json
  4. Runs morning-brief-cfp.py script (Step 4a) — reads CFP state
  5. Calls check-calendar internally (Step 8) — sets up reminders
  6. Updates task-tz-state.json with last_run_date (Step 9)

Nightly Housekeeping (runs daily, 11pm local)

  1. Calls check-travel-bookings (Step 4)
  2. Calls check-orders (Step 6)
  3. Writes morning-brief-pending.json (Step 9) — consumed by next morning-brief
  4. Deduplicates daily logs via Jaccard similarity (Step 11)
  5. Archives daily logs → weekly with importance classification (Steps 12-14)
  6. Calls check-watchlist (Step 16)
  7. Updates task-tz-state.json with last_run_date (Step 17)
  8. Runs backup script + github_backup MCP (Step 18)

Shared State Files

| File | Written by | Read by |
| --- | --- | --- |
| task-tz-state.json | task-tz-sync, morning-brief, nightly-housekeeping | heartbeat (missed task detection) |
| morning-brief-pending.json | nightly-housekeeping (Step 6) | morning-brief (Step 3) |
| session-state.json | any skill (pending response tracking) | heartbeat (pending response check) |
| calendar-state.json | check-calendar | check-calendar (diff against previous) |
| cfp-state.json | check-cfps | check-cfps, morning-brief-cfp.py |
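
An added sketch (not code from the tile) of the missed-task check that heartbeat performs against task-tz-state.json in Step 0.6. Only the file name, the last_run_date field and the 8am / 11pm schedules come from the page; the JSON layout, the utc_offset_minutes field and all function names are assumptions. Because the file has three writers, a last_run_date later than the current local date is not accepted as a run, since it would otherwise suppress detection.

```python
from datetime import date, datetime, time, timedelta, timezone

# Schedules stated on the page: morning-brief 8am local, nightly-housekeeping 11pm local.
SCHEDULE = {"morning-brief": time(8, 0), "nightly-housekeeping": time(23, 0)}

# Constructed sample state; this layout is an assumption, not the tile's real schema.
SAMPLE_STATE = {
    "utc_offset_minutes": -300,
    "tasks": {
        "morning-brief": {"last_run_date": "2024-03-11"},
        "nightly-housekeeping": {"last_run_date": "2024-03-11"},
    },
}


def latest_due_date(local_now, run_at):
    """Local date of the most recent scheduled run at or before local_now."""
    if local_now.time() >= run_at:
        return local_now.date()
    return local_now.date() - timedelta(days=1)


def missed_tasks(state, now_utc):
    """Return scheduled tasks whose latest due run has no valid last_run_date.

    now_utc must be timezone-aware. Missing or malformed fields count as "never run".
    """
    offset = state.get("utc_offset_minutes", 0)
    if not isinstance(offset, int) or abs(offset) >= 24 * 60:
        offset = 0  # unusable offset: fall back to UTC
    local_now = now_utc.astimezone(timezone(timedelta(minutes=offset)))
    tasks = state.get("tasks")
    tasks = tasks if isinstance(tasks, dict) else {}
    missed = []
    for name, run_at in SCHEDULE.items():
        entry = tasks.get(name)
        raw = entry.get("last_run_date") if isinstance(entry, dict) else None
        try:
            last = date.fromisoformat(raw)
        except (TypeError, ValueError):
            last = None
        due = latest_due_date(local_now, run_at)
        # A date after today would silence the check indefinitely, so reject it.
        if last is None or last < due or last > local_now.date():
            missed.append(name)
    return missed


if __name__ == "__main__":
    now = datetime(2024, 3, 12, 14, 30, tzinfo=timezone.utc)  # 09:30 local at UTC-5
    print(missed_tasks(SAMPLE_STATE, now))
```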
