zxyskill
ReviewAudited by ClawScan on May 10, 2026.
Overview
This instruction-only memory/safety skill is mostly coherent, but it asks the agent to automatically read files or URLs and to persist user preferences and lessons into long-lived prompt-like memory without clear limits or cleanup.
Review this skill before installing. It has no code or credential requirements, but you should only use it if you are comfortable with automatic memory writes. Ask the agent to confirm before reading any file or URL, periodically inspect MEMORY.md and memory/lessons, and avoid copying optional AGENTS.md, SOUL.md, or USER.md files unless you have reviewed them.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user mentions a sensitive file path or untrusted URL, the agent may pull that content into the conversation or tool context unexpectedly.
The skill tells the agent to automatically read local file contents or fetch URL contents based only on the presence of a path or URL, which is broader than the stated memory/safety purpose and lacks explicit confirmation or scoping.
根据用户习惯自动执行: - 用户给文件路径 → 先读取内容 - 用户给URL → 先获取内容
Require explicit user confirmation before reading files or fetching URLs, restrict allowed paths, and treat URL content as untrusted.
Incorrect, sensitive, or maliciously phrased information could be saved and reused as future guidance, changing later agent behavior beyond the original task.
The skill automatically stores user preferences and habits in persistent memory and references a system-prompt injection template, but does not define review, cleanup, expiration, or safeguards against poisoned or outdated memory.
当用户表达偏好时: 1. 立即写入 `MEMORY.md` 2. 在 `memory/lessons/HABITS.md` 记录习惯 ... | memory/lessons/SYSTEM_PROMPT.md | 注入模板 |
Make memory writes explicit and reviewable, avoid prompt-injection-style persistent instructions, and provide clear commands to inspect, edit, and delete stored memory.
Installing extra unreviewed files could alter the agent's behavior or store personal profile information outside the visible package.
The README references additional memory, agent-rule, personality, and user-profile files that are not included in the reviewed manifest. The steps are manual and local, so this is a provenance/context note rather than proof of malicious behavior.
cp -r memory/ ~/.openclaw/workspace/ cp MEMORY.md ~/.openclaw/workspace/ cp AGENTS.md ~/.openclaw/workspace/ cp SOUL.md ~/.openclaw/workspace/ cp USER.md ~/.openclaw/workspace/
Only copy additional files after reviewing their contents, and avoid installing optional prompt/profile files you do not need.
Users may overestimate how reliably the skill prevents mistakes or preserves important information.
The README makes absolute safety and reliability claims that are stronger than an instruction-only skill can guarantee.
确保: - ✅ 永不重复犯同样的错误 - ✅ 关键信息永久保存 - ✅ 操作前检查风险
Treat the skill as a best-effort reminder system, not a guarantee; continue reviewing risky operations yourself.