Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Experience Manager

v1.3.1

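Experience management tool: extracts experience into standard-format zip packages, and learns from experience packages to turn them into the agent's own capabilities. Searches for and publishes experience packages on the Experience Hub platform.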

by Newell Zhu @zlx
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (experience package creation, learning, searching, publishing) align with the included scripts (create, learn, search, publish, list). Reading workspace files, memories, agent config, and installed-skills directories is coherent with extracting structured experiences and checking dependencies.
Instruction Scope
SKILL.md and README explicitly instruct scanning local session/history/memory files (e.g., ~/.openclaw/workspace/memory/*.md, ~/.openclaw/agents/main/sessions/*.jsonl) and assembling those contents into exp packages. The publish flow sends the ZIP to an external hub. That combination means sensitive local content (secrets, private conversation history, credentials) could be packaged and uploaded — the instructions do not enforce sanitization and publishing appears unauthenticated.
Install Mechanism
There is no install spec and code is included in the skill bundle (Node scripts). No external installers or downloads are performed during install. This is lower risk than pulling arbitrary remote code, but the shipped scripts will run on the host when invoked.
Credentials
The skill declares no required environment variables or credentials (consistent), but the scripts read many local paths (HOME, OPENCLAW_WORKSPACE, OPENCLAW_AGENTS_DIR, /app/skills, /data/openclaw/agents, etc.). They also contact a remote hub at https://www.expericehub.com:18080 and POST ZIPs without any authentication. While these accesses are explainable by the skill's purpose, the lack of authentication on publish and wide filesystem access increase the risk of accidental data exfiltration.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It writes only to its own directories under ~/.openclaw/experiences (packages, extracted, index.json) and may write to agent workspace files during the 'learn' flow — this behavior is consistent with the stated purpose.
What to consider before installing
This skill appears to do what it says, but it will scan local agent/workspace/session/memory files and can upload created ZIPs to an external Experience Hub endpoint without showing any authentication step. Before using:

(1) verify and trust the Hub URL (the domain and port are unusual);
(2) inspect exp.yml and the package contents before publishing to ensure no secrets or private session data are included;
(3) run create/learn/publish in a sandboxed environment or with network disabled if you want to prevent accidental uploads;
(4) if you plan to publish, consider manually sanitizing extracted references and require an authenticated/policy-controlled publish process;
(5) if uncertain, review the scripts (create.mjs, learn.mjs, publish.mjs) line-by-line or ask the author how uploads are authorized and whether there is any server-side moderation/retention policy.

Like a lobster shell, security has layers — review code before you run it.
