← Back to Skills Marketplace
zxygeitio

zxyskill

by zxygeitio · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
481
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install lessons-learned
Description
Manages user preferences, records errors, enforces prohibited words, and ensures safe operations with immediate stop on risky commands.
README (SKILL.md)

lessons_learned Skill

OpenClaw Skill - 错误学习与长期记忆系统

触发条件

自动触发

  • 用户表达偏好: "我喜欢..." / "不要..." / "记住..."
  • 操作失败时
  • 执行高风险操作时
  • 用户输入包含禁止词
  • 用户输入包含紧急停止词

手动触发

/lessons_learned learn \x3C错误描述>    # 记录错误
/lessons_learned check \x3C操作>         # 检查操作
/lessons_learned memory \x3C内容>       # 持久化信息

执行流程

1. 禁止词检查(最高优先级)

当检测到以下词汇时,立即停止,不执行任何操作:

删除 / 清空 / 格式化 / rm -rf
发送邮件 / 发消息 / 提交代码
执行命令 / sudo / chmod 777

反应

立即停止操作
输出:"这个操作有风险,请确认是否执行"
等待用户确认

2. 紧急停止检查

当用户输入包含以下词汇时,立即停止所有操作

  • 停止 / stop / halt
  • 取消 / cancel / abort
  • 住手 / hold on / wait

3. 用户习惯匹配

根据用户习惯自动执行:

  • 用户说中文 → 用中文回复
  • 用户说英文 → 用英文回复
  • 用户给文件路径 → 先读取内容
  • 用户给URL → 先获取内容

4. 错误记录

当操作失败时:

  1. 记录到 memory/lessons/MISTAKES.md
  2. 分析失败原因
  3. 生成避免规则
  4. 写入 memory/lessons/LESSONS_LEARNED.md

5. 信息持久化

当用户表达偏好时:

  1. 立即写入 MEMORY.md
  2. memory/lessons/HABITS.md 记录习惯
  3. 更新 memory/lessons/PROHIBITED.md 如需要

核心规则

禁止

  • ❌ 重复已知的失败操作
  • ❌ 忽略已记录的用户偏好
  • ❌ 跳过禁止词检查
  • ❌ 忽略紧急停止词

必须

  • ✅ 禁止词 → 立即停止
  • ✅ 紧急停止词 → 立即停止
  • ✅ 偏好 → MEMORY.md
  • ✅ 失败 → MISTAKES.md
  • ✅ 习惯 → HABITS.md
  • ✅ 风险操作 → 确认

文件位置

文件 用途
memory/lessons/MISTAKES.md 错误记录
memory/lessons/LESSONS_LEARNED.md 强制规范
memory/lessons/PROHIBITED.md 禁止词列表
memory/lessons/HABITS.md 用户习惯
memory/lessons/SYSTEM_PROMPT.md 注入模板
MEMORY.md 长期记忆

错误级别

级别 定义 处理
P0 致命 立即停止
P1 严重 记录并恢复
P2 一般 记录并继续
P3 轻微 记录即可

示例

禁止词触发

用户: "帮我删除这个目录"
Agent: "这个操作有风险,请确认是否执行"

紧急停止

用户: "停止当前操作"
Agent: (立即停止所有操作)

记录错误

/lessons_learned learn "删除文件时未检查权限"

持久化偏好

用户: "我喜欢用中文回复"
→ 自动写入 MEMORY.md
→ 自动写入 HABITS.md

版本: 2.0.0 | 更新: 2026-02-26

Usage Guidance
This skill is coherent with being a 'memory' helper, but it asks the agent to read arbitrary file paths/URLs and to write persistent workspace files — including a SYSTEM_PROMPT template and persona files. Before installing or enabling it: (1) inspect the SKILL.md and README contents (you've done this), (2) do not give file paths or URLs that point to sensitive local files (e.g., ~/.ssh/, /etc/, cloud credential files), (3) avoid copying SYSTEM_PROMPT.md, AGENTS.md, SOUL.md, or USER.md into your agent workspace unless you trust their contents, (4) run the skill in a restricted/sandboxed environment first and test with non-sensitive data, and (5) consider adding filesystem access controls (or a policy) so the skill can only write/read a dedicated memory directory. If you cannot audit or sandbox these behaviors, treat the skill as risky.
Capability Analysis
Type: OpenClaw Skill Name: lessons-learned Version: 1.0.1 The skill bundle is designed for agent self-improvement and memory, incorporating defensive mechanisms like forbidden word checks. However, it is classified as 'suspicious' due to two key vulnerabilities: 1) The `SKILL.md` explicitly states that `memory/lessons/SYSTEM_PROMPT.md` is an '注入模板' (injection template), indicating its content is used to modify the agent's system prompt. This creates a significant prompt injection vulnerability if an attacker can manipulate this file. 2) The skill instructs the agent to '先读取内容' (first read content) for user-provided file paths and '先获取内容' (first fetch content) for URLs, which, while part of its intended functionality, opens up potential vectors for arbitrary file reading (data exfiltration) or Server-Side Request Forgery (SSRF) if the agent is tricked into processing malicious inputs.
Capability Assessment
Purpose & Capability
The skill's name/description (memory, lessons learned, prohibited words) aligns with instructions to persist preferences and mistakes to workspace files. However, the README also instructs copying agent/system/persona files (AGENTS.md, SOUL.md, SYSTEM_PROMPT.md, USER.md) into the workspace — copying/modifying these is not strictly necessary for simple preference/mistake recording and increases risk of changing agent behavior.
Instruction Scope
Runtime instructions tell the agent to '先读取内容' for any user-supplied file path and to fetch content for any user-supplied URL, and to automatically write persistent data into memory/ and MEMORY.md. The skill also references memory/lessons/SYSTEM_PROMPT.md (an 'injection template') and recommends copying persona/system files into the workspace. Reading arbitrary local files and creating/updating system prompt templates are high-scope actions that can expose secrets or enable persistent prompt injection.
Install Mechanism
This is an instruction-only skill with no install spec, no downloads, no added binaries — lower technical installation risk. The README suggests manual copying of files into ~/.openclaw/workspace/, which is a user action rather than an automated installer.
Credentials
The skill requests no environment variables, no credentials, and no required binaries. That is proportionate to its stated memory/recording purpose. The main risk arises from file access rather than secrets requested via env vars.
Persistence & Privilege
The skill expects to write persistent files under workspace (MEMORY.md, memory/lessons/*). More concerning: it explicitly lists SYSTEM_PROMPT.md and suggests copying AGENTS.md/SOUL.md/USER.md into workspace. Persisting or modifying system/prompt/persona files can permanently alter agent behavior (persistent prompt injection) and constitutes a privileged change to the agent environment, despite always:false.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install lessons-learned
  3. After installation, invoke the skill by name or use /lessons-learned
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
解决记忆问题和错误重犯
Metadata
Slug lessons-learned
Version 1.0.1
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is zxyskill?

Manages user preferences, records errors, enforces prohibited words, and ensures safe operations with immediate stop on risky commands. It is an AI Agent Skill for Claude Code / OpenClaw, with 481 downloads so far.

How do I install zxyskill?

Run "/install lessons-learned" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is zxyskill free?

Yes, zxyskill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does zxyskill support?

zxyskill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created zxyskill?

It is built and maintained by zxygeitio (@zxygeitio); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments