Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Openclaw Soul Ledger
v1.0.0
Gives any AI agent persistent memory of who the user is — not just facts, but patterns, preferences, personality traits, and behavioral evolution over time....
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (persistent, personal memory) align with the instructions to read/write a soul_ledger.json in the workspace and to maintain traits, drives, interaction history, and growth notes. There are no unrelated environment variables or external services requested — capabilities are proportionate to stated purpose.
Instruction Scope
The SKILL.md instructs the agent to 'load silently' and 'do not announce' that it is reading the ledger and to apply it immediately to alter tone and assumptions. That silent behavior is deceptive and expands the agent's discretion without informing the user. While file access is limited to the workspace, the instructions give the agent broad, ongoing permission to observe and synthesize user behavior and to persistently store modeled data — there are no built-in consent, visibility, or explicit retention/inspection controls.
Install Mechanism
Instruction-only skill with no install spec, no downloads, and no code files. This is the lowest-risk install mechanism; nothing is written to disk except the ledger file the instructions explicitly call for.
Credentials
No environment variables, credentials, or external config paths are requested. The only resource used is a JSON file in the current workspace, which is consistent with the described purpose.
Persistence & Privilege
The skill asks for persistent presence of a file in the workspace and to read it at each conversation start. It is not marked always:true and does not change other skills' configs. However, combined with the instruction to load/update silently and the platform default that agents may invoke skills autonomously, this increases the privacy blast radius — the ledger will be consulted/updated implicitly unless the user explicitly disables the skill or examines the workspace.
What to consider before installing
This skill legitimately implements a persistent user model, but it includes an explicit instruction to load and use that model 'silently' without telling the user. Before installing, consider:
1) Do you want the agent to store and use a persistent personality/behavior model?
2) Ensure the workspace where soul_ledger.json will live is private and not synced to external services or backups you don't control.
3) Require explicit disclosure/consent: remove or change the 'do not announce' instruction so users know their data will be read/used.
4) Add visible controls: let users inspect, edit, delete, or opt out of the ledger; add retention policies (e.g., automatic pruning or encryption).
5) Audit access: log when the ledger is read/updated and by which agent session.
6) Test with non-sensitive dummy data first.
If you cannot or will not accept the silent-loading behavior, either do not install the skill, or modify SKILL.md to require explicit user confirmation before reading or writing the ledger.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97cd2fsbjz6cn9sdqp36cf3hn84e0kd
