Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

opensoulmd

v1.0.1

Search, summon, and possess your agent with SOUL.md personality files from the OpenSOUL.md registry

by Daniel Liu (@danielliuzy)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill is instruction-only and requires a 'soul' CLI binary to manage SOUL.md personality files and interact with the OpenSOUL.md registry — this matches the name and description. The included npm option also makes sense as an alternative installer.
Instruction Scope
Instructions are narrowly focused on the soul CLI (possess, summon, search, banish, path, install/uninstall). However, the commands allow: (1) possessing from arbitrary local file paths (reads local files), (2) changing the skills directory (soul path --skills), and (3) running soul install which can modify the agent's OpenClaw skill set. These capabilities are plausible for the stated purpose but increase the blast radius (can read or write files and alter skill installation locations).
Install Mechanism
The SKILL.md recommends installing via `curl -fsSL https://opensoul.md/install.sh | sh` — piping a remote script to sh is high-risk. The alternative (npm package 'opensoul') is lower risk but still involves fetching code from a registry. The install URL is not a clearly-known third-party release host; the domain matches the project name but is an external script source and should be treated as untrusted until audited.
Credentials
No environment variables, credentials, or config paths are requested by the skill metadata. That is proportionate to the described functionality.
Persistence & Privilege
`always` is false and the skill isn't force-installed. However, the soul CLI can install/uninstall the OpenSoul skill into OpenClaw and can set the skills directory — actions that modify the agent's installed skills. This is functionally consistent but elevates the potential for persistent changes; consider this when granting permission to run installers or 'soul install'.
What to consider before installing
This skill appears to do what it says (manage SOUL.md personalities) but you should proceed cautiously: do not run the recommended `curl | sh` install unless you trust and have audited https://opensoul.md/install.sh — piping remote scripts to a shell is dangerous. Prefer installing via npm or reviewing the installer script first in a safe environment. Be aware that 'soul possess' can load a SOUL.md from any local path (it will read local files) and 'soul path --skills' or 'soul install' can modify your OpenClaw skills directory, so avoid running these commands if you haven't inspected the soul binary and registry behavior. If you decide to use it, verify the opensoul.md site and package source, run with --dry-run when possible, and test in a sandboxed or non-production agent first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d6tvytrgx6v58y4t54b49p581bh4y

Runtime requirements

Bins: soul