Chitin — Personality Persistence for AI Agents
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: chitin
Version: 1.4.5
The 'chitin' skill provides personality persistence for AI agents by managing a local SQLite database of behavioral insights and integrating with external services like Carapace (carapaceai.com) and Voyage AI. It is classified as suspicious due to high-risk capabilities documented in SKILL.md, including network communication for semantic search and insight sharing, which create potential paths for data exfiltration. The documentation explicitly warns that prompt injection could be used to trick an agent into sending sensitive information to these external providers via the 'promote' or 'embed' commands, although the behavior appears intentionally designed for its stated purpose rather than being overtly malicious.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Stored insights or triggers may steer how the agent behaves in later conversations.
This shows the skill intentionally stores and reuses agent-personality context across sessions, which is the stated purpose but can influence future behavior if stale, overly broad, or poisoned insights are saved.
On each session start, it injects a compact personality context so you pick up where you left off — not just factually, but as a *person*.
Review and prune stored Chitin insights regularly, avoid storing secrets or sensitive personal details, and treat externally imported or low-confidence insights cautiously.
Installing the npm package runs code that was not included in the provided artifact set.
The skill instructs users to install a global npm CLI package, but the provided review artifacts contain only SKILL.md and no package code, so the external package provenance is outside this scan.
    # Install
    npm install -g @clawdactual/chitin
Verify the npm package, publisher, and GitHub repository before installing globally, and prefer pinned versions or a trusted environment.
