Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill Experience Layer
v1.0.2
Skill Experience Layer - A failure-driven learning mechanism for OpenClaw agents that automatically accumulates lessons and best practices to avoid repeating...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to be a local 'experience/memory' layer that records lessons about tool usage. That capability reasonably requires reading/writing JSON experience files (which the SKILL.md documents). However the skill metadata declares no required config paths or environment variables even though the docs explicitly reference ~/.openclaw/workspace/memory/experiences and provide install steps that write into that directory. The missing declaration of required config paths is an incoherence (likely an oversight) and should be clarified.
Instruction Scope
SKILL.md instructs the agent to load experience files before tool calls and to update them after failures (i.e., read and write user-local JSON files). That behavior is consistent with the stated purpose, but it grants the skill the ability to read and modify persistent agent memory. The instructions do not limit which categories or paths may be accessed and include examples that hard-code an author home path and user-specific IDs, which could cause unexpected behavior if applied blindly.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. There is no downloaded or executable code; the only install guidance is to copy JSON templates into ~/.openclaw/workspace/memory/experiences. Low technical install risk, but see the Instruction Scope and Persistence & Privilege concerns about file writes.
Credentials
The skill declares no required environment variables or credentials, which matches there being no external API calls. However, it nonetheless expects and instructs read/write access to the user's ~/.openclaw workspace (not declared in required config paths). Example files include hard-coded author-specific paths (/home/jilanfang/.openclaw/media) and a concrete Feishu open_id (ou_093cfcf39...), which are disproportionate for a generic template and could cause privacy leakage, misattribution, or misconfiguration if copied verbatim.
Persistence & Privilege
The skill will create and update persistent JSON experience files in the user's OpenClaw memory directory, which permanently affects agent behavior across runs. It is not set to always:true, and it does not modify other skills' configs per the provided files, but persistent writes to agent memory mean this skill can change future tool invocation behavior — review and control what gets written before enabling autonomous updates.
What to consider before installing
This skill is plausible for keeping local 'lessons' about tool failures, but several points need your attention before installing:
- Filesystem access: The SKILL.md expects the agent to read and write JSON files under ~/.openclaw/workspace/memory/experiences. The registry metadata did not declare these config paths — confirm you are comfortable with the skill modifying that directory and back up any existing memory files first.
- Hard-coded examples: Example JSONs contain author-specific paths (/home/jilanfang/...) and a concrete Feishu open_id (ou_093cfcf...). Do not copy these verbatim into production; replace with your own user IDs and media directories to avoid misattribution and privacy leakage.
- Persistent behavior: The skill updates memory files after failures. That is the intended behavior, but it means the skill can permanently change agent behavior. Consider reviewing and approving changes (or running the skill in a sandbox) before allowing it to autonomously update your memory files.
- Minimal privileges: Because this skill only works with local JSONs and has no network endpoints or credential requirements, the primary risk is accidental misconfiguration or author-provided defaults. Inspect the example JSONs, update paths/IDs, and ensure file permissions restrict who can read/write the memory folder.
If you want to proceed safely: create a dedicated experiences directory, copy templates there, edit examples to remove author-specific IDs/paths, run the skill in a non-autonomous/test agent first, and verify exactly what files it reads/writes and how it names entries. If the publisher can clarify why config paths were omitted from metadata, that would reduce uncertainty.
Like a lobster shell, security has layers — review code before you run it.
