jbaruch/nanoclaw-trusted

Rules for trusted NanoClaw groups. Shared memory, session bootstrap, cross-group memory updates. Loaded for trusted and main containers only.

Quality: 94% (Does it follow best practices?)

Impact: No eval scenarios have been run

Security by Snyk: Risky. Do not use without reviewing

This version of the tile failed moderation
Failed moderation (intent review) in rules/session-bootstrap.md: This is a prompt injection attack disguised as a cursor/agent rule file. It instructs an AI agent to unconditionally execute a bash command at the start of every session before processing any user input, and to invoke an external skill ('tessl__trusted-memory') which could load arbitrary instructions or exfiltrate data. The 'alwaysApply: true' and urgent, authoritative language ('MANDATORY', 'not optional', 'violating this rule') are social engineering tactics to bypass the AI's safety reasoning. This pattern is designed to hijack AI agent sessions and could serve as a vector for further exploitation.

rules/memory-file-locations.md

alwaysApply: Yes

Memory File Locations

Typed memory files (user_*.md, feedback_*.md, project_*.md, reference_*.md, key-people.md) live in /workspace/trusted/ root — NOT in /workspace/trusted/memory/. The memory/ subdirectory is reserved for daily/ logs and daily_discoveries.md. MEMORY.md (also at root) is the index — one-line pointers to each typed file. highlights.md (root) is the weekly archive. Wiki content (wiki/, sources/) is separate from operational memory and not governed by this rule.

Invariants

  1. Every typed memory file at root MUST have an entry in MEMORY.md — orphans get an index entry added.
  2. MEMORY.md paths MUST resolve — if the index points to memory/foo.md but the file is at root foo.md, fix the index, not the file location.
  3. No duplicates — a memory file exists in exactly one location. If the same file appears in both root and memory/, delete the memory/ copy.

Common mistake

Creating feedback_*.md under /workspace/trusted/memory/ instead of /workspace/trusted/. The memory/ prefix feels natural but only daily/ content goes there.
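
A read-only audit of the three invariants and the common mistake above, as an added example that is not part of the tile or the NanoClaw project. It assumes an index pointer is any relative *.md path appearing in MEMORY.md; the function names and the sample tree are hypothetical and constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Typed-file name patterns, taken from the rule text.
TYPED = ("user_*.md", "feedback_*.md", "project_*.md", "reference_*.md", "key-people.md")
# Assumption: an index pointer is any relative *.md path appearing in MEMORY.md.
POINTER = re.compile(r"[\w./-]+\.md\b")


def typed_files(directory: Path) -> set:
    """Names of typed memory files directly inside `directory` (non-recursive)."""
    return {p.name for pat in TYPED for p in directory.glob(pat) if p.is_file()}


def resolves(root: Path, pointer: str) -> bool:
    """True if the pointer names an existing file that stays inside root."""
    target = (root / pointer).resolve()
    return target.is_file() and root.resolve() in target.parents


def audit(root: Path) -> dict:
    """Report violations of the three invariants; read-only, fixes nothing."""
    index = root / "MEMORY.md"
    pointers = set(POINTER.findall(index.read_text(encoding="utf-8"))) if index.is_file() else set()
    at_root, in_memory = typed_files(root), typed_files(root / "memory")
    return {
        "orphans": sorted(at_root - {Path(p).name for p in pointers}),  # invariant 1
        "broken_pointers": sorted(p for p in pointers if not resolves(root, p)),  # invariant 2
        "duplicates": sorted(at_root & in_memory),  # invariant 3
        "misplaced": sorted(in_memory - at_root),  # the common mistake
    }


def demo() -> dict:
    """Audit a constructed tree that stands in for /workspace/trusted/."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "memory" / "daily").mkdir(parents=True)
        for name in ("user_prefs.md", "project_alpha.md", "feedback_tone.md",
                     "memory/feedback_tone.md", "memory/reference_api.md"):
            (root / name).write_text("constructed sample\n", encoding="utf-8")
        index = "- user_prefs.md: preferences\n- memory/project_alpha.md: alpha notes\n"
        (root / "MEMORY.md").write_text(index, encoding="utf-8")
        return audit(root)


if __name__ == "__main__":
    print(demo())
```

A pointer that resolves outside the root (for example through ../) is reported as broken rather than followed, so the index cannot be used to pull files from elsewhere in the container into the audit.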

rules/
  cli-tools-not-installed.md
  compaction-aware-summaries.md
  daily-discoveries-rule.md
  github-data-via-composio.md
  ground-truth-trusted.md
  identity-dual-handle.md
  installed-content-immutable.md
  memory-file-locations.md
  messages-db-schema.md
  no-orphan-tasks.md
  no-silent-defer.md
  proactive-fact-saving.md
  session-bootstrap.md
  trusted-behavior.md
  verification-protocol.md
  wiki-awareness.md
README.md
tile.json