Expertpack Export
Review
Audited by ClawScan on May 10, 2026.
Overview
This looks like a legitimate export tool, but it reads and packages private workspace memory, and its output-path handling could write outside the intended export folder when given a crafted scan manifest.
Install only if you want a portable copy of your OpenClaw workspace knowledge. Run the scan first, inspect the proposed files and final export, manually review for secrets and private personal data, and avoid using untrusted or edited scan manifests until the slug/path sanitization issue is fixed.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or malicious workspace/scan manifest could cause the export step to create or overwrite files in a location the user did not intend.
compose.py uses scan-manifest pack keys to form a filesystem path without any visible slug validation. If the scan manifest or the workspace-derived identity slug contains '../' segments, the generated manifest and overview files could be written outside the intended export tree; if it is an absolute path, the write is redirected entirely, because joining an absolute component with pathlib's '/' operator discards everything to its left.
agent_slug = agent_packs[0]
...
composite_slug = f"{agent_slug}-full"
...
composite_dir = export / "composites" / composite_slug
composite_dir.mkdir(parents=True, exist_ok=True)

Restrict slugs to safe kebab-case basenames, reject absolute paths and '..', and verify that resolved output paths remain inside the selected export directory before writing.
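A hardened counterpart to the quoted path construction, added here as an example and not taken from the skill's compose.py. The function names safe_slug, resolve_inside and composite_dir_for are illustrative, and the composites/<slug>-full layout is assumed from the quoted lines; only composite_dir_unsafe mirrors the quoted join, so the two can be compared on the same manifest input.

```python
"""Slug validation and output-path containment for an export step.

Added example, not compose.py from the Expertpack Export skill. The
function names (safe_slug, resolve_inside, composite_dir_for) and the
"composites/<slug>-full" layout are assumptions for illustration; only
composite_dir_unsafe mirrors the join pattern the finding quotes.
"""
import re
from pathlib import Path

# Kebab-case basename: lowercase alphanumerics separated by single hyphens.
# The class excludes '/', '\\', '.', NUL and whitespace, so '..' segments
# and absolute paths can never pass the match.
SLUG_RE = re.compile(r"[a-z0-9]+(?:-[a-z0-9]+)*")
MAX_SLUG_LEN = 64


def is_safe_slug(raw: object) -> bool:
    """True if raw is a non-empty, bounded kebab-case basename."""
    return (
        isinstance(raw, str)
        and 0 < len(raw) <= MAX_SLUG_LEN
        and SLUG_RE.fullmatch(raw) is not None
    )


def safe_slug(raw: object) -> str:
    """Return raw unchanged if it is a safe slug, else raise ValueError."""
    if not is_safe_slug(raw):
        raise ValueError(f"rejected slug from scan manifest: {raw!r}")
    return raw  # type: ignore[return-value]


def resolve_inside(root, *parts: str) -> Path:
    """Join parts under root and verify the resolved result stays inside root.

    Independent of slug validation: this also catches a symlinked
    intermediate directory that points outside the export tree.
    """
    root = Path(root).resolve()
    candidate = root.joinpath(*parts).resolve()
    if candidate != root and root not in candidate.parents:
        raise ValueError(f"output path escapes export root: {candidate}")
    return candidate


def composite_dir_unsafe(export, agent_packs: list) -> Path:
    """Mirrors the quoted pattern: a manifest value joined straight into a path.

    With pathlib, an absolute right-hand component replaces the export root,
    and '..' segments are kept verbatim for mkdir/open to follow.
    """
    agent_slug = agent_packs[0]
    composite_slug = f"{agent_slug}-full"
    return Path(export) / "composites" / composite_slug


def composite_dir_for(export, agent_packs: list) -> Path:
    """Hardened version: validated slug plus containment check.

    Returns the directory to create; the caller runs mkdir only after
    this returns, so nothing touches the filesystem on a bad manifest.
    """
    if not agent_packs:
        raise ValueError("scan manifest lists no agent packs")
    agent_slug = safe_slug(agent_packs[0])
    composite_slug = f"{agent_slug}-full"
    return resolve_inside(export, "composites", composite_slug)


if __name__ == "__main__":
    # Constructed manifest values: one benign, one traversal, one absolute.
    for packs in (["research-agent"], ["../../etc/cron.d"], ["/etc/cron.d"]):
        print("unsafe:", composite_dir_unsafe("/tmp/export", packs))
        try:
            print("safe:  ", composite_dir_for("/tmp/export", packs))
        except ValueError as exc:
            print("safe:   rejected:", exc)
```

The slug check alone would already block the two malicious inputs; resolve_inside is kept as a second, independent gate so that a later change to the slug rules, or a symlink planted under composites/, still cannot move a write outside the export root.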
The exported ExpertPack may preserve sensitive personal or operational knowledge and carry it into future agent instances if imported or shared.
The scanner intentionally inventories memory files, logs, and scripts for export. This is consistent with backing up an agent, but those sources can contain private user details, operational infrastructure details, and instructions that may later be reused as agent context once the pack is imported.
for f in sorted(memory_dir.glob("*.md")):
...
logs_dir = ws / "logs"
...
for md_file in logs_dir.rglob("*.md"):
...
scripts_dir = ws / "scripts"

Review the scan manifest and generated pack files carefully, keep user-specific content private, manually check for secrets beyond pattern-based validation, and only share the export with trusted recipients.
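A pre-share triage pass over the kinds of Markdown files the scanner inventories, added here as an example and not part of the Expertpack Export skill. It combines fixed patterns with a Shannon-entropy check so that random-looking tokens no pattern names still surface for manual review. The function names, the 4.5-bit threshold and the SAMPLE_FILES content are assumptions and constructed data for illustration.

```python
"""Pre-share triage of an ExpertPack's Markdown sources.

Added example, not part of the Expertpack Export skill. It walks the
same kinds of files the scanner inventories (memory, logs, scripts) and
flags secret-like and personal material two ways: fixed patterns, and a
Shannon-entropy check that catches random-looking tokens no pattern
names. Function names, the 4.5-bit threshold and SAMPLE_FILES are
assumptions and constructed data for illustration.
"""
import math
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List

PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[a-z0-9._\-]{20,}"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}
# Candidate tokens for the entropy check: long runs of base64/url-safe characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")
ENTROPY_THRESHOLD = 4.5  # bits per character; a random 32-char token scores about 5


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str
    value: str


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for a single repeated character)."""
    n = len(s)
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def triage_text(path: str, text: str) -> List[Finding]:
    """Return pattern and high-entropy findings for one file's content."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        matched = set()
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                matched.add(m.group(0))
                findings.append(Finding(path, lineno, kind, m.group(0)))
        for m in TOKEN_RE.finditer(line):
            tok = m.group(0)
            # Skip tokens a pattern already explained; flag the rest if random-looking.
            if any(tok in v for v in matched):
                continue
            if shannon_entropy(tok) >= ENTROPY_THRESHOLD:
                findings.append(Finding(path, lineno, "high_entropy", tok))
    return findings


def triage_files(files: Dict[str, str]) -> List[Finding]:
    """Triage a mapping of relative path -> Markdown content."""
    out: List[Finding] = []
    for path in sorted(files):
        out.extend(triage_text(path, files[path]))
    return out


def triage_export_dir(export) -> List[Finding]:
    """Triage every *.md under an export tree before it is shared."""
    export = Path(export)
    files = {p.relative_to(export).as_posix(): p.read_text(errors="replace")
             for p in sorted(export.rglob("*.md"))}
    return triage_files(files)


# Constructed sample standing in for memory/, logs/ and scripts/ content.
SAMPLE_FILES = {
    "memory/2026-04-notes.md": (
        "# Weekly notes\n"
        "Deploy target is 10.20.30.40 behind the bastion.\n"
        "Ops lead: jane.doe@example.com\n"
    ),
    "logs/run-0412.md": "Used AWS key AKIAIOSFODNN7EXAMPLE for the S3 sync.\n",
    "scripts/README.md": "Run `./sync.sh --token Q7mK2pX9vL4nR8tW1yB5cH3dJ6fG0sZa` to push.\n",
}

if __name__ == "__main__":
    for f in triage_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line} [{f.kind}] {f.value}")
```

Run triage_export_dir against the finished export before sharing it, and treat the output as a reading list rather than a verdict: the entropy check will also surface hashes and long identifiers, and neither check can recognise prose that is private simply because of what it says, which is why the manual review above remains necessary.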
