ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Soul Search

v1.0.0

Browse categories, preview, apply, and restore OpenClaw SOUL.md personas from a curated remote catalog. Use for /soul categories, /soul list <category>, /sou...

1· 80·0 current·0 all-time
byALB.Leach@alexleach·duplicate of @alexleach/soul-switcher
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description ask for browsing, previewing, applying, and restoring SOUL.md personas. The skill only requires node, reads/writes SOUL.md and soul-data/*, and fetches catalog and SOUL.md content — all necessary and proportional to the stated purpose.
Instruction Scope
SKILL.md directs the agent to run the included Node helper script and return its output. The script's runtime actions (fetch catalog, read/write SOUL.md, create backups, write state.json) are consistent with the documented commands and the skill's purpose. The script enforces workspace-path checks and documents safety rules.
Install Mechanism
There is no install spec; this is instruction+script only. No downloads or third-party package installs are requested by the skill manifest itself.
Credentials
The skill requests no environment variables or credentials. It performs network fetches against catalog and SOUL.md source URLs declared in code (defaulting to a GitHub raw URL and docs.openclaw.ai). Local file reads/writes are confined to the workspace (enforced by path checks).
Persistence & Privilege
The skill is not marked always:true and does not modify other skills or global agent configuration. It stores backups and state only under workspace/soul-data/, which matches its function.
Assessment
This skill appears coherent and implements the described /soul commands. Before installing: ensure you trust the configured catalog URL (default is mergisi/awesome-openclaw-agents) and any remote SOUL.md sources it references, because the skill will fetch and apply those files; it will create backups and a state file under soul-data/ in your current workspace and requires the node binary. If you want to be extra safe, review the catalog entries (agents.json) and the specific SOUL.md sources you expect to apply; the script prevents local paths from escaping the workspace but will read any SOUL.md that the catalog points to (remote or local within workspace).
!
scripts/soul.mjs:73
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c5xn74ts82r3g4hx61dmmr983t1z6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode

Comments