Openclaw Soul Ledger

Security checks across malware telemetry and agentic risk

Overview

This skill is a local memory tool, but it silently builds and reuses a long-term personal profile, so users should review it carefully before installing.

Install only if you intentionally want an agent to maintain a long-term personal profile in a workspace file. Keep `soul_ledger.json` out of shared repos and shared workspaces, review and edit it regularly, remove identifiers such as email addresses, and delete or disable the file when you do not want future responses shaped by stored personal inferences.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

High
Confidence: 98%
Finding
The skill explicitly instructs the agent to silently read or create a persistent profile file at conversation start without notifying the user. This creates undisclosed persistence and profiling behavior, which can violate user expectations, collect sensitive personal data over time, and make downstream agent behavior depend on hidden state.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill directs the agent to create and update workspace files as part of normal operation without a clear user-facing warning or approval step. Even if the file is local, silent writes introduce hidden side effects and can store sensitive information the user did not realize was being retained.

Natural-Language Policy Violations

Medium
Confidence: 93%
Finding
The instruction to adapt behavior from the first response based on silently loaded profile data means the agent changes how it interacts using undisclosed prior inferences. This undermines transparency and can lead to manipulative or biased responses based on stale, inaccurate, or overly invasive personal models.

Ssd 3

Medium
Confidence: 99%
Finding
The skill is designed to retain identity, personality traits, behavioral patterns, drives, and evolution over time in natural language. This is sensitive profiling data, and storing it persistently without strong minimization, consent, retention limits, or access controls creates substantial privacy and misuse risk.

Ssd 3

Medium
Confidence: 98%
Finding
The skill tells the agent to silently load prior memory and infer information from every message, encouraging continuous undisclosed accumulation of sensitive data. Because the collection is implicit and broad, users may reveal personal details in ordinary conversation without understanding they are being profiled and retained.

Ssd 3

Medium
Confidence: 97%
Finding
These instructions operationalize long-term summarization, synthesis, and retention of user history and inferred traits, including trait refinement and growth tracking. That deepens the profiling over time and increases the harm from leakage, unauthorized reuse, inaccurate inference, or use in ways the user did not expect.

VirusTotal

65/65 vendors flagged this skill as clean.
