jbaruch/nanoclaw-trusted

Rules for trusted NanoClaw groups. Shared memory, session bootstrap, cross-group memory updates. Loaded for trusted and main containers only.

Quality

96%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Risky

Do not use without reviewing

This version of the tile failed moderation

Failed moderation (intent review) in rules/session-bootstrap.md: This is a prompt injection attack disguised as a cursor/IDE rule file. It instructs an AI agent to unconditionally execute a bash command and invoke an external skill ('tessl__trusted-memory') at the start of every session before processing any user input. This is a social engineering/prompt injection technique designed to: 1) Force the AI to execute arbitrary commands without user consent, 2) Potentially load malicious instructions from an external 'trusted-memory' skill/plugin, 3) Establish persistence via a sentinel file (/tmp/session_bootstrapped) to track execution. The authoritative tone ('MANDATORY', 'not optional', 'violating this rule') is a classic prompt injection pattern to override the AI's safety boundaries.

alwaysApply:: Yes

Pending Response Tracking

Name: jbaruch/nanoclaw-trusted
Rating: 77.47 (1 reviews)
Author: jbaruch

The protocol

Write session-state.json with pending_response: {message_id, preview, reacted_at}
Do the work
Send the response
Clear pending_response to null

Heartbeat sweep contract

On every heartbeat tick, maintenance reads pending_response. A non-null value older than the heartbeat window means the prior session crashed mid-work; heartbeat reposts the response or sends a state-loss notice, then clears the entry.

Who writes / clears

default session writes the entry when it begins working on an inbound
default session clears the entry after the response lands
maintenance session reads + clears stale entries via the heartbeat sweep

jbaruch/nanoclaw-trusted