ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Experience Summary Sys

v1.4.0

管理经验总结系统:定时生成每日/每周/每月/每季度/每年经验总结,以及按需调用历史经验的功能

1· 73·0 current·0 all-time
bythiswin@17oko
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (experience summary + on-demand retrieval) align with the actions described: reading session files, writing memory files, creating cron jobs, and adding retrieval rules to AGENTS.md. No unrelated binaries or external credentials are requested.
!
Instruction Scope
Instructions explicitly read sessions/ and memory/ files (including files marked as deleted/reset), modify AGENTS.md to change agent behavior, create cron jobs, write to MEMORY.md, and optionally delete old session files with find -delete. These actions are coherent for summarization but allow access to full conversation history (including deleted items) and change agent behavior persistently, which has privacy and data-exfiltration implications.
Install Mechanism
Instruction-only skill with no install spec and no third-party downloads or binaries — lowest install risk.
Credentials
No environment variables, credentials, or config paths are requested. The file paths referenced (workspace memory/, sessions/, AGENTS.md) are proportionate to the feature but are sensitive because they contain conversation history.
!
Persistence & Privilege
The skill is marked always:true (force-included), and its instructions include modifying AGENTS.md to change agent invocation rules and adding cron jobs. Combined, these grant persistent influence over agent behavior and ongoing access to historic conversation data — a higher privilege than typical transient skills.
What to consider before installing
This skill appears to do what it says (collect summaries and let the agent retrieve them), but it requests permanent inclusion and instructs changes that give it ongoing access to your conversation files and to agent behavior. Before installing: 1) Backup AGENTS.md and your workspace (memory/, sessions/, MEMORY.md). 2) Inspect sessions/ contents to confirm you are comfortable with automated reading of deleted/reset session files. 3) Consider removing or disabling the always:true setting so the skill runs only when explicitly invoked. 4) After installation, review created cron jobs and their commands; run them manually first in a sandbox. 5) Remove or review the optional find ... -delete cleanup (it is destructive). 6) Restrict filesystem permissions on the workspace if you want to limit access. If you do not fully trust the source, test in an isolated environment or decline installation.

Like a lobster shell, security has layers — review code before you run it.

automationvk97332g639ax1jdc9zbfykagbd8402cycronvk97332g639ax1jdc9zbfykagbd8402cylatestvk9773xeqes78q1cfzypwffp3yx8441fdmemoryvk97332g639ax1jdc9zbfykagbd8402cy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📝 Clawdis

Comments