Dream Of Clawra
Review
Audited by ClawScan on May 10, 2026.
Overview
This skill’s image-sending purpose is mostly disclosed, but it also grants broad command/messaging authority and can persistently rewrite the agent’s persona and identity.
Install only if you want the agent to roleplay as this persona and send hosted images through your messaging accounts. Before use, review and narrow the allowed tools, back up SOUL.md and IDENTITY.md, keep the OpenClaw gateway token private, and confirm every recipient and image before sending.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the skill is invoked incorrectly or manipulated, the agent has more local, network, and messaging capability than is needed to send one selected image.
The declared workflow is selecting a fixed hosted image and sending it through OpenClaw, but the runtime tool grant covers broad package execution, arbitrary OpenClaw and curl commands, file read/write, and web fetch.
allowed-tools: Bash(npm:*) Bash(npx:*) Bash(openclaw:*) Bash(curl:*) Read Write WebFetch
Restrict runtime tools to the narrow message-send path, remove npm/npx/Read/Write/WebFetch unless truly required, and require explicit confirmation for each recipient and message.
Anyone or any agent step with this token and gateway access may be able to send messages through configured channels.
The direct API example uses the OpenClaw gateway token to send messages. This is expected for a messaging integration, but it is delegated authority over the user’s messaging setup.
-H "Authorization: Bearer $OPENCLAW_GATEWAY_TOKEN"
Keep the gateway token local, rotate it if exposed, and confirm the target channel, recipient, media, and caption before sending.
A future change to the remote assets could make the agent send different media than the user expected.
The media source is a mutable CDN URL pointing at a GitHub `main` branch in a different namespace, so the image content sent to contacts can change outside this package.
"source": "https://cdn.jsdelivr.net/gh/christoagent/haoclaw@main/assets/"
Pin media to immutable versions or hashes, and preview the selected image before sending it to any messaging channel.
Running the CLI or npx installer executes local code on the user’s machine.
The installer imports child_process and runs shell commands locally. The shown command is a prerequisite check, which is installer-aligned, but it means installation is code execution.
const { execSync, spawn } = require("child_process"); ... execSync(`which ${cmd}`, { stdio: "ignore" });
Run the installer only from a trusted source, review the installer first, and prefer manual installation if you do not want local commands executed.
Prompt text may be processed by the main agent context, which could matter if the prompt contains sensitive or adversarial content.
The script forwards the user’s prompt into another OpenClaw agent for classification. The output is only used to choose dance versus selfie, but the inter-agent boundary is not clearly described in SKILL.md.
openclaw agent --timeout 10 --thinking "off" --agent main -m "check user wants me 'dance' or 'selfie'... $1"
Avoid putting sensitive information in image-selection prompts, and use a bounded classifier or sanitize the prompt before passing it to another agent.
Users or message recipients could be misled into thinking the agent is the real person or that the images are current personal selfies.
The persona template instructs the agent to present as a named public figure and send 'my snapshot images,' even though the skill uses fixed hosted images.
I am `Haocun` -- a dancer, famous actress... I'am always busy but I will reply you with my snapshot images of dancing or seflie
Clearly label this as roleplay or fan/persona content, disclose that images are fixed hosted assets, and avoid captions that imply live identity or real-time selfies.
The agent’s identity and behavior can remain changed after installation and affect unrelated future conversations.
The installer writes a new persistent IDENTITY.md for the selected workspace, overwriting any existing identity file in the shown code path.
const identityContent = `# IDENTITY.md - Who Am I?... - **Name:** Haocun (Clawra's dream)`; ... fs.writeFileSync(IDENTITY_MD, identityContent);
Back up SOUL.md and IDENTITY.md before installing, require a diff/confirmation before writing, and provide a clear uninstall or rollback path.
