Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
zxyskill
v1.0.1Manages user preferences, records errors, enforces prohibited words, and ensures safe operations with immediate stop on risky commands.
⭐ 0· 418·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description (memory, lessons learned, prohibited words) aligns with instructions to persist preferences and mistakes to workspace files. However, the README also instructs copying agent/system/persona files (AGENTS.md, SOUL.md, SYSTEM_PROMPT.md, USER.md) into the workspace — copying/modifying these is not strictly necessary for simple preference/mistake recording and increases risk of changing agent behavior.
Instruction Scope
Runtime instructions tell the agent to '先读取内容' for any user-supplied file path and to fetch content for any user-supplied URL, and to automatically write persistent data into memory/ and MEMORY.md. The skill also references memory/lessons/SYSTEM_PROMPT.md (an 'injection template') and recommends copying persona/system files into the workspace. Reading arbitrary local files and creating/updating system prompt templates are high-scope actions that can expose secrets or enable persistent prompt injection.
Install Mechanism
This is an instruction-only skill with no install spec, no downloads, no added binaries — lower technical installation risk. The README suggests manual copying of files into ~/.openclaw/workspace/, which is a user action rather than an automated installer.
Credentials
The skill requests no environment variables, no credentials, and no required binaries. That is proportionate to its stated memory/recording purpose. The main risk arises from file access rather than secrets requested via env vars.
Persistence & Privilege
The skill expects to write persistent files under workspace (MEMORY.md, memory/lessons/*). More concerning: it explicitly lists SYSTEM_PROMPT.md and suggests copying AGENTS.md/SOUL.md/USER.md into workspace. Persisting or modifying system/prompt/persona files can permanently alter agent behavior (persistent prompt injection) and constitutes a privileged change to the agent environment, despite always:false.
What to consider before installing
This skill is coherent with being a 'memory' helper, but it asks the agent to read arbitrary file paths/URLs and to write persistent workspace files — including a SYSTEM_PROMPT template and persona files. Before installing or enabling it: (1) inspect the SKILL.md and README contents (you've done this), (2) do not give file paths or URLs that point to sensitive local files (e.g., ~/.ssh/, /etc/, cloud credential files), (3) avoid copying SYSTEM_PROMPT.md, AGENTS.md, SOUL.md, or USER.md into your agent workspace unless you trust their contents, (4) run the skill in a restricted/sandboxed environment first and test with non-sensitive data, and (5) consider adding filesystem access controls (or a policy) so the skill can only write/read a dedicated memory directory. If you cannot audit or sandbox these behaviors, treat the skill as risky.Like a lobster shell, security has layers — review code before you run it.
latestvk970t9jdcvs9y77y31w1j1s9as81w5p8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.