Experience Manager
Warn. Audited by ClawScan on May 10, 2026.
Overview
This skill has a legitimate experience-sharing purpose, but it turns internet-sourced packages into persistent agent instructions, and the code shown handles package-supplied paths unsafely. Users should review it carefully before installing.
Install only if you intentionally want agents to import and share persistent experience. Use dry-run, review every generated or learned file, trust the package source, and do not publish packages that contain private history or secrets.
Findings (4)
This is an artifact-based, informational review of SKILL.md, the metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious, incorrect, or overbroad experience package could influence how the agent behaves in future tasks, not just the current session.
The skill is designed to take package content, including remote packages, and convert it into persistent agent behavior/instruction files.
Learns experience from a zip package and turns it into the agent's own SOUL/AGENTS/TOOLS ... Supported sources: - online URL ... Previews the content to be learned and waits for the user to confirm before learning starts ... Applies the experience and records the learning status
Learn only from trusted packages, use dry-run/default confirmation, inspect the exact SOUL/AGENTS/TOOLS changes, and keep a backup or rollback plan.
A crafted package or Hub response could write unexpected files or poison local experience state before the user safely applies the learning.
Paths supplied by the Hub or by the package are used as local write targets, and zip contents are extracted with overwrite enabled; the code shown does not check that zip entry names or reference paths resolve inside the intended package directory.
const refPath = path.join(tempDir, ref.path); ensureDir(path.dirname(refPath)); fs.writeFileSync(refPath, ref.content); ... const zip = new AdmZip(zipPath); ... zip.extractAllTo(extractPath, true);
Validate and normalize every package path, reject absolute paths and '..' traversal, do not extract with overwrite enabled by default, enforce size and type limits, and prefer signed or otherwise trusted packages.
Experience packages may accidentally include sensitive details from past sessions or local agent notes.
The create flow reads recent agent memory and learning/error files to extract reusable experience; this is purpose-aligned, but it can sweep private workspace history into the package.
const memoryDir = path.join(WORKSPACE_DIR, 'memory'); ... files.slice(0, 7) ... fs.readFileSync(filePath, 'utf8'); ... const learningsPath = path.join(WORKSPACE_DIR, '.learnings', 'LEARNINGS.md');
Review generated exp.yml and references before sharing or publishing, and remove secrets or private context.
Anything inside the selected package leaves the local environment and may become visible or stored on the Hub.
Publishing sends the selected local zip package to an external Experience Hub endpoint.
const HUB_API_BASE = 'https://www.expericehub.com:18080'; ... const fileContent = fs.readFileSync(filePath); ... req.write(body);
Inspect packages before publishing and avoid uploading packages that contain secrets, internal URLs, private conversation history, or sensitive business data.
