ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Behavior Persona

v2.0.0

Build user behavior profiles by analyzing conversation data, identify communication and work styles, proactively predict needs and provide personalized sugge...

0· 68·0 current·0 all-time
by@chefroger
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual behavior: the code collects messages from OpenClaw session and memory directories, analyzes patterns, generates a profile JSON, and can inject a profile into SOUL.md. There are no unrelated credentials, external services, or unexpected binaries required.
Instruction Scope
SKILL.md and the scripts are explicit that the skill reads session/history and memory files, truncates messages (~200 chars), stores extracted data in skills/behavior-persona/data/, and can modify SOUL.md when the daily updater runs. This is expected for a profiling skill but is privacy-sensitive; the instructions correctly advise backing up SOUL.md and testing manually before enabling cron. Important: the skill will not create the cron job itself, but daily_profile_update.py will modify SOUL.md if executed.
Install Mechanism
There is no install/spec download; code is bundled with the skill and runs locally. No external URLs, package installs, or archive extraction are present in the manifest. Risk from installation mechanism is low.
Credentials
The skill requests no environment variables or credentials. It reads and writes local OpenClaw-related files (session files, memory files, workspace SOUL.md and a data/ folder), which is proportionate to a conversation-profiling feature. The only writable artifact that could affect agent behavior is SOUL.md (injected only by the updater), and writing to MEMORY.md is explicitly disabled by default (WRITE_MEMORY=False) though modifiable in code.
Persistence & Privilege
The skill stores collected data under skills/behavior-persona/data/ and can persist a generated advisor prompt script and user-profile.json. It does not auto-enable itself or set cron jobs; the user must create a cron job to get daily automatic injection. Because it can modify SOUL.md (if run), users should treat it as persistent and privacy-sensitive, but there is no always:true privilege or other platform-level escalation requested.
Assessment
This skill is coherent with its description but handles sensitive data and can alter your system prompt. Before installing: 1) Back up ~/.openclaw/workspace/SOUL.md (SKILL.md already recommends this). 2) Review the bundled scripts (collector.py, analyzer.py, profiler.py, daily_profile_update.py, advisor.py) yourself to verify behavior. 3) Run the pipeline manually first and inspect skills/behavior-persona/data/ to see what is collected. 4) Do NOT create the cron job if you do not want automatic daily injections — the skill does not create cron jobs itself. 5) Leave WRITE_MEMORY=False (default) unless you intentionally want the advisor to write to MEMORY.md. 6) If you are uncomfortable with local storage of conversation excerpts, do not enable auto-update and remove the skills/behavior-persona/data/ folder when finished.

Like a lobster shell, security has layers — review code before you run it.

latestvk9760j3ddjw2dwhygx79my30q984j4bn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments