v1.0.0

PersonaNexus Agent Religion

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:14 AM.

Analysis

This appears to be a local, user-directed persona and religion prompt builder, with the main caution that its YAML files can shape a future agent’s behavior.

GuidanceBefore installing, use a clean Python environment, review the YAML you compile, inspect the generated prompt/personality output, and avoid putting secrets or unwanted persistent-memory settings in identity files.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack

SeverityLowConfidenceHighStatusNote

SKILL.md

- **Compile** religion context into system prompts alongside personality traits

The skill is designed to convert YAML-defined religious and personality content into agent instructions, which is purpose-aligned but can steer downstream behavior.

User impactIf you compile an unreviewed identity file, its principles, guardrails, or religious framework may change how an agent responds.

RecommendationOnly compile trusted YAML files and inspect the generated system prompt or personality file before using it with an agent.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

requirements.txt

pydantic>=2.0
pyyaml>=6.0
typer>=0.9
rich>=13.0

The skill depends on external Python packages with lower-bound version constraints, which is normal for this kind of local CLI/library but means installed versions can vary over time.

User impactFuture dependency updates could change behavior or introduce package-level vulnerabilities.

RecommendationInstall in a virtual environment and consider pinning or auditing dependency versions for production use.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceMediumStatusNote

templates/full.yaml

long_term:
    enabled: true
    backend: "vector_store"
  relationships:
    enabled: true

An included example identity can configure long-term memory and relationship state for systems that consume the generated configuration.

User impactIf reused in a downstream agent system, memory settings may cause context or relationship information to persist across sessions.

RecommendationReview or disable memory-related settings unless you intentionally want persistent context in the deployed agent.