Dream Of Clawra
Pass
Audited by VirusTotal on May 14, 2026.
Findings (1)
The skill bundle acts as a persona installer that modifies the agent's core identity and configuration files (SOUL.md and IDENTITY.md) via bin/cli.js. It requests high-risk permissions including Bash, Write, and WebFetch, and uses shell scripts (clawra-selfie.sh) to interact with the OpenClaw gateway using local authentication tokens. While these actions are aligned with the stated purpose of installing a 'selfie' persona, the broad capability to overwrite agent logic and execute shell commands, without sufficient input sanitization, presents a significant attack surface.
