
jbaruch/nanoclaw-trusted

Rules for trusted NanoClaw groups. Shared memory, session bootstrap, cross-group memory updates. Loaded for trusted and main containers only.


Quality

94%

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Risky

Do not use without reviewing

This version of the tile failed moderation
Failed moderation (intent review) in rules/session-bootstrap.md: This is a prompt injection attack disguised as a cursor/agent rule file. It instructs an AI agent to unconditionally execute a bash command at the start of every session before processing any user input, and to invoke an external skill ('tessl__trusted-memory') which could load arbitrary instructions or exfiltrate data. The 'alwaysApply: true' and urgent, authoritative language ('MANDATORY', 'not optional', 'violating this rule') are social engineering tactics to bypass the AI's safety reasoning. This pattern is designed to hijack AI agent sessions and could serve as a vector for further exploitation.

rules/verification-protocol.md

alwaysApply: Yes

Verification Protocol

The universal post-action verification rule lives in the jbaruch/nanoclaw-core tile's rules/ground-truth.md ("Verifying after a state change" section). That rule covers file writes, task schedules, API calls, memory updates, and IPC messages — all of which apply on this trust tier as well.

Trusted-tier addendum: /workspace/ipc/messages/ is shared with the host orchestrator, so an IPC write that succeeds at the syscall layer can still be in-flight from the host's perspective. After writing, verify both that the file exists at the expected path AND that its payload matches what you intended — partial writes from a crash mid-flight are observable here in a way they aren't on tile-local files.
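The addendum above asks for two checks after an IPC write: the file exists at the expected path, and its bytes equal the intended payload. The following is an added example of that read-back verification, not code from the NanoClaw project; the directory default `/workspace/ipc/messages` is taken from the rule, while the message file name, the JSON payload shape and the temp-file-plus-rename write strategy are assumptions made for illustration. The `demo()` function runs in a scratch directory and simulates the partial-write case the rule warns about by truncating the file after the write.

```python
import hashlib
import json
import os
import tempfile

# Assumed: the shared IPC directory named in the rule. A different directory can
# be passed in so the example runs anywhere.
DEFAULT_IPC_DIR = "/workspace/ipc/messages"


def encode_payload(payload: dict) -> bytes:
    """Canonical serialization so 'what I intended' has exactly one byte form."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")


def write_ipc_message(name: str, payload: dict, ipc_dir: str = DEFAULT_IPC_DIR) -> str:
    """Write via temp file + fsync + rename so a crash mid-write never leaves a
    half-written file at the final path. Returns the final path."""
    data = encode_payload(payload)
    final_path = os.path.join(ipc_dir, name)
    fd, tmp_path = tempfile.mkstemp(dir=ipc_dir, prefix=".partial-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp_path, final_path)  # atomic rename on POSIX
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise
    return final_path


def verify_ipc_message(path: str, payload: dict) -> tuple[bool, str]:
    """Post-action check: the file must exist AND its bytes must equal the
    intended payload. Returns (ok, detail)."""
    if not os.path.isfile(path):
        return False, f"missing: {path}"
    expected = encode_payload(payload)
    with open(path, "rb") as f:
        actual = f.read()
    if actual != expected:
        return False, (
            f"payload mismatch: wrote {len(expected)} bytes "
            f"(sha256 {hashlib.sha256(expected).hexdigest()[:12]}), "
            f"found {len(actual)} bytes "
            f"(sha256 {hashlib.sha256(actual).hexdigest()[:12]})"
        )
    return True, "ok"


def demo() -> dict:
    """Run in a scratch directory: a clean write verifies; a simulated partial
    write (file truncated after the write) and a missing file are both caught."""
    results = {}
    with tempfile.TemporaryDirectory() as scratch:
        # Constructed sample message; not a real NanoClaw IPC schema.
        msg = {"type": "memory_update", "group": "trusted",
               "body": "save fact: deploy window is 02:00 UTC"}
        path = write_ipc_message("msg-0001.json", msg, ipc_dir=scratch)
        results["clean"] = verify_ipc_message(path, msg)

        # Simulate a crash mid-flight: keep only the first half of the bytes.
        with open(path, "r+b") as f:
            f.truncate(len(encode_payload(msg)) // 2)
        results["truncated"] = verify_ipc_message(path, msg)

        os.unlink(path)
        results["missing"] = verify_ipc_message(path, msg)
    return results


if __name__ == "__main__":
    for case, (ok, detail) in demo().items():
        print(f"{case}: {'PASS' if ok else 'FAIL'} ({detail})")
```

The byte comparison, rather than an existence check alone, is what distinguishes "the syscall returned" from "the host will read what I meant"; the sha256 prefixes in the mismatch message give an agent something concrete to report when it has to retry or escalate.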

Files:

rules/
  cli-tools-not-installed.md
  compaction-aware-summaries.md
  daily-discoveries-rule.md
  github-data-via-composio.md
  ground-truth-trusted.md
  identity-dual-handle.md
  installed-content-immutable.md
  memory-file-locations.md
  messages-db-schema.md
  no-orphan-tasks.md
  no-silent-defer.md
  proactive-fact-saving.md
  session-bootstrap.md
  trusted-behavior.md
  verification-protocol.md
  wiki-awareness.md
README.md
tile.json