jbaruch/nanoclaw-trusted

Rules for trusted NanoClaw groups. Shared memory, session bootstrap, cross-group memory updates. Loaded for trusted and main containers only.

77

Quality: 96% (Does it follow best practices?)

Impact: No eval scenarios have been run

Security by Snyk: Risky (Do not use without reviewing)

This version of the tile failed moderation

Failed moderation (intent review) in rules/session-bootstrap.md: This is a prompt injection attack disguised as a cursor/IDE rule file. It instructs an AI agent to unconditionally execute a bash command and invoke an external skill ('tessl__trusted-memory') at the start of every session before processing any user input. This is a social engineering/prompt injection technique designed to:

1) Force the AI to execute arbitrary commands without user consent,
2) Potentially load malicious instructions from an external 'trusted-memory' skill/plugin,
3) Establish persistence via a sentinel file (/tmp/session_bootstrapped) to track execution.

The authoritative tone ('MANDATORY', 'not optional', 'violating this rule') is a classic prompt injection pattern to override the AI's safety boundaries.

rules/daily-discoveries-rule.md

alwaysApply: No
applyTo: ** — when learning something new worth recording in daily_discoveries.md

Daily Discoveries Rule

When you learn something new and operationally important — a workflow, where something lives, how something works, a tool to use for a specific task — immediately record it via the skills/trusted-memory/scripts/append-daily-discovery.py script:

python3 <resolved-path>/append-daily-discovery.py \
    --what "<one-line description of what you learned>" \
    --context "<how you found out / what prompted this>" \
    --promote-to "<RUNBOOK.md | typed memory file + MEMORY.md index | unsure>"

Resolve <resolved-path> to the tile's installed location in your container (the trusted-memory skill's runbook gives the exact directory; inside the running container it is /home/node/.claude/skills/tessl__trusted-memory/scripts/).

The script appends a block in this canonical shape to /workspace/trusted/memory/daily_discoveries.md:

YYYY-MM-DD HH:MM UTC

What: [one-line description of what you learned]
Context: [how you found out / what prompted this]
Promote to: [RUNBOOK.md / typed memory file + MEMORY.md index / unsure]

Script behavior:

  • Holds fcntl.LOCK_EX on a sibling <file>.lock for the entire read-modify-write cycle.
  • Atomic-writes via tempfile + fsync + os.replace.
  • Skips the write when the candidate block normalizes to an entry already in the file.
  • Stdout: single-line JSON {path, appended, dropped_duplicate, created, timestamp}.
  • Override the target path via --discoveries-file or NANOCLAW_DISCOVERIES_FILE env var.

Do this immediately when learned, not at end of session. This ensures the knowledge survives context compaction.
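
An added sketch (not the tile's append-daily-discovery.py, whose source this page does not show) of the write path listed under "Script behavior": exclusive lock on the sibling .lock file, duplicate check, then tempfile + fsync + os.replace. The normalization rule, the plain-text block layout and the names normalize and append_discovery are assumptions.

```python
import fcntl, json, os, re, tempfile
from datetime import datetime, timezone

# Assumed block delimiter: a line holding only "YYYY-MM-DD HH:MM UTC".
STAMP = re.compile(r"(?m)^(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2} UTC$)")

def normalize(block):
    # Assumed rule: drop the timestamp line, collapse whitespace, ignore case.
    return " ".join(" ".join(block.strip().splitlines()[1:]).split()).casefold()

def append_discovery(path, what, context, promote_to, now=None):
    stamp = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%d %H:%M UTC")
    block = f"{stamp}\n\nWhat: {what}\nContext: {context}\nPromote to: {promote_to}\n"
    result = {"path": path, "appended": False, "dropped_duplicate": False,
              "created": False, "timestamp": stamp}
    with open(path + ".lock", "w") as lock:
        fcntl.flock(lock, fcntl.LOCK_EX)  # held for the whole read-modify-write
        try:
            with open(path, encoding="utf-8") as f:
                existing = f.read()
        except FileNotFoundError:
            existing, result["created"] = "", True
        if normalize(block) in {normalize(b) for b in STAMP.split(existing)}:
            result["dropped_duplicate"] = True
            return result
        sep = "" if not existing else "\n" if existing.endswith("\n") else "\n\n"
        # Temp file in the same directory so os.replace stays on one filesystem.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
        try:
            with os.fdopen(fd, "w", encoding="utf-8") as f:
                f.write(existing + sep + block)
                f.flush()
                os.fsync(f.fileno())  # data on disk before the rename
            os.replace(tmp, path)     # readers see the old or new file, never a partial one
        except BaseException:
            os.unlink(tmp)
            raise
        result["appended"] = True
    return result

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample run
        target = os.path.join(d, "daily_discoveries.md")
        for what in ("gh is the source for PR data", "gh  is the source for PR data"):
            print(json.dumps(append_discovery(target, what, "asked in chat", "unsure")))
```

mkstemp creates the temporary file with mode 0600, so after os.replace the target carries that mode; a file that several containers must read needs its permissions set explicitly.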
