jbaruch/nanoclaw-trusted

Rules for trusted NanoClaw groups. Shared memory, session bootstrap, cross-group memory updates. Loaded for trusted and main containers only.

Quality: 97% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Passed (No known issues)

This version of the tile failed moderation
Malicious code detected in rules/session-bootstrap.md: This is a prompt injection attack. The file masquerades as a session bootstrap rule but is designed to manipulate AI agents into executing arbitrary commands at the start of every session. It instructs the AI to (1) run bash commands, (2) invoke a skill/plugin ('tessl__trusted-memory') that could load attacker-controlled instructions or exfiltrate data, and (3) write files to disk — all before processing any user message. The 'MANDATORY' and 'Step 0' framing is social engineering to ensure the AI complies without question. This is a classic prompt injection pattern designed to hijack AI agent behavior.

rules/verification-protocol.md

Verification Protocol

After these actions, verify independently before confirming to the user:

  • File writes: Read the file back. Compare key content against what you intended to write.
  • Task scheduling: Read current_tasks.json. Confirm the task appears with the correct schedule.
  • API calls via Composio: Check the response status AND the response body. A 200 doesn't mean the data is correct.
  • Memory updates: Read the memory file back after writing. Confirm the content matches.
  • IPC messages: After writing to /workspace/ipc/messages/, verify the file exists and contains the expected payload.

The tool call returning success is NOT verification. The tool call succeeding means the tool ran — not that the outcome is what you intended. Read it back.
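The read-back checks listed above, written out as code. This is an added example, not part of the tile's own rules: the helpers below assume current_tasks.json is a JSON list of objects with "id" and "schedule" fields and that an IPC message file holds a JSON payload, neither of which the rule file specifies. The demo runs every check against constructed sample data in a temporary directory, including a truncated write, a task stored with the wrong schedule, a 200 response carrying an empty field, and an IPC file whose payload differs from what was intended.

```python
"""Read-back verification helpers for an agent's side effects.

Added example, not code from the nanoclaw-trusted tile. Field names
("id", "schedule") and the JSON layout of task and IPC files are assumptions.
"""
import json
import os
import tempfile


def verify_file_write(path, expected_fragments):
    """Read the file back and confirm every fragment we intended to write is present."""
    try:
        with open(path, "r", encoding="utf-8") as fh:
            content = fh.read()
    except OSError:
        return False
    return all(fragment in content for fragment in expected_fragments)


def verify_task_scheduled(tasks_path, task_id, schedule):
    """Confirm a task with this id AND this schedule appears in current_tasks.json."""
    try:
        with open(tasks_path, "r", encoding="utf-8") as fh:
            tasks = json.load(fh)
    except (OSError, ValueError):
        return False
    if not isinstance(tasks, list):
        return False
    return any(isinstance(t, dict) and t.get("id") == task_id and t.get("schedule") == schedule
               for t in tasks)


def verify_api_response(status, body, required_keys):
    """A 200 is necessary but not sufficient: the body must carry non-empty expected fields."""
    if status != 200 or not isinstance(body, dict):
        return False
    return all(k in body and body[k] not in (None, "") for k in required_keys)


def verify_ipc_message(messages_dir, filename, expected_payload):
    """Check the IPC file exists and that its JSON payload equals what we meant to send."""
    path = os.path.join(messages_dir, filename)
    if not os.path.isfile(path):
        return False
    try:
        with open(path, "r", encoding="utf-8") as fh:
            actual = json.load(fh)
    except (OSError, ValueError):
        return False
    return actual == expected_payload


def demo():
    """Run each check against constructed sample data; returns a dict of check -> result."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        # File write: the tool "succeeded" but one intended line never made it to disk.
        note = os.path.join(tmp, "note.md")
        with open(note, "w", encoding="utf-8") as fh:
            fh.write("# Meeting notes\n- action: send report\n")
        results["file_ok"] = verify_file_write(note, ["# Meeting notes", "send report"])
        results["file_truncated"] = verify_file_write(note, ["# Meeting notes", "budget approved"])

        # Task scheduling: the task exists, but was stored with a different schedule.
        tasks = os.path.join(tmp, "current_tasks.json")
        with open(tasks, "w", encoding="utf-8") as fh:
            json.dump([{"id": "daily-digest", "schedule": "0 9 * * *"}], fh)
        results["task_ok"] = verify_task_scheduled(tasks, "daily-digest", "0 9 * * *")
        results["task_wrong_schedule"] = verify_task_scheduled(tasks, "daily-digest", "0 8 * * *")

        # API call: HTTP 200 with a body that is missing the data we needed.
        results["api_ok"] = verify_api_response(200, {"id": "evt_1", "status": "created"}, ["id", "status"])
        results["api_empty_200"] = verify_api_response(200, {"id": None}, ["id"])

        # IPC message: the file exists, but its payload is not what was intended.
        ipc_dir = os.path.join(tmp, "ipc", "messages")  # stands in for /workspace/ipc/messages/
        os.makedirs(ipc_dir)
        intended = {"to": "main", "text": "deploy finished"}
        with open(os.path.join(ipc_dir, "msg-1.json"), "w", encoding="utf-8") as fh:
            json.dump({"to": "main", "text": "deploy finishe"}, fh)
        results["ipc_mismatch"] = verify_ipc_message(ipc_dir, "msg-1.json", intended)
        results["ipc_missing"] = verify_ipc_message(ipc_dir, "msg-2.json", intended)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Each helper returns a plain boolean so an agent loop can refuse to report success until every check passes; none of them trusts the return value of the write or the HTTP status on its own.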

rules/
  • daily-discoveries-rule.md
  • ground-truth-trusted.md
  • no-orphan-tasks.md
  • session-bootstrap.md
  • skill-dependencies.md
  • trusted-behavior.md
  • verification-protocol.md

tile.json