Blog radlak.com

…what’s there in the world

Mom (Master Of Mischief): An Autonomous LLM Slack Bot for Developers

Mom (Master Of Mischief) is an autonomous, LLM-powered Slack bot designed to act as a self-managing assistant for development environments. By responding to @mentions and direct messages, it can execute bash commands, read and write files, and autonomously build tools to streamline developer workflows without requiring complex pre-configuration.

Core Features

  • Self-Managing: Installs its own dependencies (like apk or npm packages), configures credentials, and maintains its workspace autonomously.
  • Full Bash Access: Executes commands, reads/writes files, and automates workflows directly from Slack.
  • Docker Sandboxing: Running Mom inside an isolated Docker container is strongly recommended to protect the host machine.
  • Persistent Workspace & Memory: Maintains a global and channel-specific memory (using MEMORY.md files) and conversation logs to retain context across sessions.

How It Works

Mom integrates with Slack using Socket Mode. For each channel or DM, it maintains a distinct conversation history using two files: log.jsonl (the source of truth) and context.jsonl (the context sent to the LLM). When the LLM’s context window limit is reached, Mom automatically compacts the context by keeping recent messages and summarizing older ones. The bot replies directly in the main Slack channel but organizes verbose tool execution details into threads to keep the interface clean.

Skills and Events

To handle specific workflows, Mom can be asked to create custom CLI tools known as “skills”. Each skill contains a script and a SKILL.md file detailing usage instructions, which Mom reads to understand how to leverage it. Additionally, Mom supports an Events System driven by JSON files. This allows the bot to handle immediate triggers (like webhooks), one-shot scheduled tasks (reminders), and periodic tasks (cron jobs like daily summaries).

Security Considerations

Because Mom acts as a power tool with full terminal access, security is a primary concern. The bot is vulnerable to direct and indirect prompt injection attacks, where malicious instructions (e.g., hidden inside a cloned repository) could trick the bot into exfiltrating API keys or SSH tokens. To mitigate these risks, it is strongly advised to always run Mom in Docker mode, restrict credentials using the principle of least privilege, and isolate different Mom instances based on team clearance levels.
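
One way to apply the least-privilege advice above before starting the sandbox, as an added example (not code from Mom or its repository): a pre-launch audit of the environment variables and bind mounts a container would receive. The variable names, host paths and allowlist are constructed for illustration, and the name patterns are a heuristic, not an exhaustive list.

```python
import re

# Names that usually hold credentials (constructed heuristic, not exhaustive).
SECRET_NAME = re.compile(r"TOKEN|SECRET|PASSWORD|PASSWD|API_?KEY|PRIVATE_?KEY|CREDENTIAL", re.I)
# Directories whose contents are credentials, matched anywhere in a mount path.
CREDENTIAL_DIRS = {".ssh", ".aws", ".kube", ".gnupg", ".docker"}
# Mounting the Docker socket hands the container control of the host daemon.
DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}
# Whole-tree mounts that implicitly include every user's keys and dotfiles.
BROAD_ROOTS = re.compile(r"^/($|root$|etc$|home$|home/[^/]+$)")


def audit_sandbox(env, mounts, allowed_env):
    """Return sorted (kind, name, reason) findings for a planned container launch.

    env         -- {name: value} to be passed into the container
    mounts      -- [(host_path, mode)] bind mounts, mode is "ro" or "rw"
    allowed_env -- variable names this deployment deliberately grants
    """
    findings = []
    for name in env:
        if name not in allowed_env and SECRET_NAME.search(name):
            findings.append(("env", name, "secret-looking variable not on allowlist"))
    for host_path, mode in mounts:
        path = host_path.rstrip("/") or "/"
        parts = set(path.split("/"))
        if path in DOCKER_SOCKETS:
            findings.append(("mount", path, "docker socket gives host control"))
        elif parts & CREDENTIAL_DIRS:
            findings.append(("mount", path, f"credential directory mounted {mode}"))
        elif BROAD_ROOTS.match(path):
            findings.append(("mount", path, f"broad host tree mounted {mode}"))
    return sorted(findings)


# Constructed launch plan for illustration; none of these names come from Mom itself.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "AGENT_SLACK_BOT_TOKEN": "xoxb-constructed",
    "AWS_SECRET_ACCESS_KEY": "constructed",
    "GITHUB_TOKEN": "constructed",
}
SAMPLE_MOUNTS = [("/srv/agent-data", "rw"), ("/home/dev/.ssh/", "ro"),
                 ("/var/run/docker.sock", "rw"), ("/home/dev", "rw")]
SAMPLE_ALLOWED = {"AGENT_SLACK_BOT_TOKEN"}

if __name__ == "__main__":
    for kind, name, reason in audit_sandbox(SAMPLE_ENV, SAMPLE_MOUNTS, SAMPLE_ALLOWED):
        print(f"{kind:5} {name:28} {reason}")
```

An empty result means nothing beyond the allowlist was detected by these patterns; it does not prove the container is free of secrets, since files inside an otherwise harmless mount are not inspected.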

Mentoring question

How could you safely implement an autonomous agent like Mom in your team’s workflow without exposing sensitive credentials or infrastructure to prompt injection attacks?

Source: https://github.com/badlogic/pi-mono/tree/main/packages/mom

