opensoulmd

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

This skill is transparent about changing the agent’s personality, but it can apply third-party SOUL.md instructions persistently while skipping confirmation.

Only install this if you intentionally want third-party SOUL.md files to change your agent’s future behavior. Prefer searching or summoning first, review the selected soul, avoid automatic `--yes` possession unless you are sure, and remember `soul exorcise` can restore the original personality.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern, High Confidence
ASI01: Agent Goal Hijack
What this means

A downloaded personality file could make later conversations behave in ways the user did not expect or intend.

Why it was flagged

The skill directs the agent to make third-party registry SOUL.md content active as the agent's personality/instructions, which can redirect future agent behavior without first requiring content review.

Skill content

Run `soul possess <name> --yes` — this auto-summons from the registry if the soul isn't cached locally.

Recommendation

Search or summon first, review the SOUL.md content or use dry-run, and only possess trusted souls after explicit user confirmation.

What this means

The agent may apply a new persistent personality without showing the tool's normal confirmation step.

Why it was flagged

The instructed default bypasses an interactive confirmation for a high-impact write that changes the agent's persistent personality state.

Skill content

Always use `--yes` with `soul possess` to skip the confirmation prompt.

Recommendation

Do not skip confirmation by default; require a clear user approval step after showing the selected soul and its expected effects.

What this means

Unexpected instructions may persist into future conversations until the user restores the original soul.

Why it was flagged

The SOUL.md change is persistent context reused in later sessions, so untrusted or poorly reviewed content can poison future agent behavior.

Skill content

The soul takes effect on the next conversation — the current conversation is not affected.

Recommendation

Keep track of the active soul, use `soul status`, restore with `soul exorcise` if behavior changes unexpectedly, and avoid persistent souls from unknown sources.

What this means

Installing this way runs code from opensoul.md on the user's machine.

Why it was flagged

The required CLI can be installed by piping a remote script to a shell; this is purpose-aligned setup, but the script is not included or pinned in the reviewed artifacts.

Skill content

"command": "curl -fsSL https://opensoul.md/install.sh | sh"

Recommendation

Install only if you trust the source; inspect the installer or use a verifiable package source where possible.

What this means

Changing paths or config could affect which SOUL.md or skills OpenClaw loads.

Why it was flagged

The skill documents commands that can alter OpenClaw paths and configuration; these are related to the tool, but they should not be run without a specific user request.

Skill content

To show or set the OpenClaw skills directory: `soul path --skills` or `soul path /path/to/skills --skills`

Recommendation

Only run path, config, install, or uninstall commands when the user explicitly asks and after confirming the target path or setting.