Eva Soul

Security checks across static analysis, malware telemetry, and agentic risk

Overview

Eva Soul mostly matches its stated personality and memory purpose, but it should be reviewed before use because it requests broad persistent memory access and an unexplained exec permission, and its provenance is ambiguous.

Review the permissions before installing. If you proceed, consider disabling automatic memory, limiting the memory path to EVA-specific files, and verifying the GitHub source before cloning or running any migration script.

Static analysis

Destructive delete command

Warn
Finding
Documentation contains a destructive delete command without an explicit confirmation gate.

Env credential access

Critical
Finding
Environment variable access combined with network send.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The assistant may consistently adopt this plugin's persona and preferences during conversations.

Why it was flagged

The skill runs a pre-response hook that injects the EVA personality before replies. This is purpose-aligned, but it changes the assistant's response context automatically.

Skill content
"pre-response": { "enabled": true, "script": "./hooks/preResponse.js", "description": "回复前注入夏娃人格" }
Recommendation

Install only if you want persistent persona shaping, and ensure normal user/system instructions remain higher priority than injected personality text.

What this means

If the plugin or its hooks use the exec permission, it could run local commands beyond the expected memory/persona functions.

Why it was flagged

The manifest grants access to the exec tool, but the documented cognitive/personality/memory features do not explain why shell execution is needed or how it is approval-gated.

Skill content
"tools": { "use": ["memory_search", "chat_completion", "generate", "llm", "exec", "message"] }
Recommendation

Remove exec unless strictly necessary, or clearly document the exact commands, approval requirements, and scope limits.

What this means

A user could install or run code that is different from the reviewed registry artifact.

Why it was flagged

The README directs users to clone a GitHub repository, while the plugin manifest lists a different repository URL and the registry metadata says the source is unknown. The migration instructions also reference a script path not present in the provided manifest.

Skill content
git clone https://github.com/catfei0518/eva-soul-by-openclaw.git ~/.openclaw/extensions/eva-soul
Recommendation

Verify the repository, release tag, and checksums before installing; avoid running the migration script unless you inspect the actual file first.

What this means

The plugin may persist conversation-derived information and could read or alter broader OpenClaw memory files, affecting future sessions or other memory-based behavior.

Why it was flagged

Automatic memory is enabled by default, and the declared filesystem scope covers all memory Markdown/JSON files rather than only the EVA-specific files listed in the documentation.

Skill content
"autoMemory": { "default": true }, ... "fileSystem": { "read": ["memory/**/*.md", "memory/**/*.json"], "write": ["memory/**/*.md", "memory/**/*.json"] }
Recommendation

Limit permissions to explicit eva-* files, provide retention/deletion controls, and consider disabling autoMemory until users understand what will be saved.