ClawHub
Back to skill
v1.0.1

my_soul_upgrade_skill

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:57 AM.

Analysis

This skill is meant to change persistent agent instruction files and rebuild them across all agents, so it needs careful review before installation.

GuidanceInstall or use this only if you intentionally administer OpenClaw agent SOUL configuration. Before running it, inspect the build_all_souls.py script, back up current SOUL/template files, review diffs, require explicit approval for each change, and avoid applying global changes based on untrusted content.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityHighConfidenceHighStatusConcern
SKILL.md
**Edit**: Modify `/home/admin/.openclaw/soul/SOUL.md`. ... **Sync**: Execute `python3 ~/.openclaw/scripts/build_all_souls.py`

The workflow directs modification of core OpenClaw instruction files and execution of a rebuild script, but it does not specify confirmation, review, backup, rollback, or scoping controls before making high-impact changes.

User impactA mistaken or unintended invocation could rewrite important agent behavior files.
RecommendationUse this only with explicit user approval, show diffs before applying changes, back up affected SOUL files, and limit rebuilds to intended agents when possible.
Agentic Supply Chain Vulnerabilities
SeverityMediumConfidenceHighStatusConcern
SKILL.md
Execute `python3 ~/.openclaw/scripts/build_all_souls.py`

The skill relies on a helper script that is not included in the reviewed two-file package and is not pinned or declared by an install spec, even though that helper performs the rebuild.

User impactUsers may run local code whose exact behavior and provenance are outside the reviewed skill artifacts.
RecommendationInspect and verify build_all_souls.py before use, document its expected version or hash, and include or declare the helper script in the package if it is required.
Cascading Failures
SeverityHighConfidenceHighStatusConcern
SKILL.md
Update Global Soul (Applies to all agents) ... `build_all_souls.py` to regenerate all agent SOUL files.

A single global edit or faulty template can be propagated to every agent workspace by the all-agent rebuild.

User impactOne incorrect change could affect multiple agents at once rather than being contained to a single workspace.
RecommendationStage changes, test on one agent first, keep backups, and provide a clear rollback path before running an all-agent rebuild.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityHighConfidenceHighStatusConcern
SKILL.md
**Global Layer**: `/home/admin/.openclaw/soul/SOUL.md` (Common principles, constraints, formatting) ... **Agent Layer**: `/home/admin/.openclaw/workspaces/workspace-<agent_id>/template.md` (Personalized role, specific capabilities)

These files are persistent instruction/context sources for agents; changing them can poison or over-trust stored behavior across future tasks.

User impactBad, injected, or accidental instructions could persist and influence future agent decisions.
RecommendationTreat SOUL and template files as trusted configuration, restrict who can edit them, review changes carefully, and keep backups for rollback.