Dream dance of Clawra
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its stated purpose of sending selfie/dance images through OpenClaw, but its installer can persistently change your agent’s identity files and one raw messaging fallback has unclear recipient scoping.
Review the installer before running it, back up your OpenClaw SOUL.md and IDENTITY.md files, and confirm that you want this persona to persist. If you use the messaging feature, verify the recipient/channel every time and protect the OpenClaw gateway token.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your agent may continue behaving as the Haocun/Clawra persona after the install, and an existing identity file may be replaced.
The installer overwrites the agent identity file and then proceeds to inject persona content into the agent's SOUL.md, creating persistent instructions that can affect future sessions.
fs.writeFileSync(IDENTITY_MD, identityContent); ... logStep("4/5", "Enhancing agent persona...");
Back up SOUL.md and IDENTITY.md before running the installer, inspect the templates, and only apply the persona to a workspace where this persistent behavior is intended.
A message send could fail or be handled by gateway defaults instead of the specific recipient the user intended.
The script requires a target argument, but the direct API fallback does not include that target in the JSON request, leaving recipient scoping unclear if the fallback path is used.
TARGET="${3:-}" ... curl -s -X POST "$GATEWAY_URL/message" ... "channel": "$CHANNEL", ... "media": "$IMAGE_URL"
Fix the direct API request to include and validate the target, and confirm the channel, recipient, caption, and media URL before sending.
Anyone or any agent process with this token may be able to send messages through the configured OpenClaw gateway.
The skill can use a local OpenClaw gateway token to authenticate message-sending requests, which is expected for this integration but gives send authority through the user's account setup.
"OPENCLAW_GATEWAY_TOKEN": { "type": "string", "default": "", "description": "OpenClaw Gateway token for authentication" }
Keep the gateway token private, scope it if OpenClaw supports scoping, and rotate it if it is exposed.
User prompt text is passed into another agent context, which could have different tools or permissions depending on the local OpenClaw setup.
The helper script forwards the user's prompt to the OpenClaw main agent for classification instead of using a dedicated local classifier; the output is filtered, but the agent boundary is not clearly documented.
openclaw agent --timeout 10 --thinking "off" --agent main -m "check user wants me 'dance' or 'selfie' ... $1"
Use a constrained no-tool classifier or document exactly what agent is invoked and what permissions it has.
Running the installer executes local shell commands and changes files in the OpenClaw workspace.
The installer uses shell execution to check for commands and query OpenClaw configuration. This appears installer-related rather than hidden, but it is still local command execution.
execSync(`which ${cmd}`, { stdio: "ignore" });
Run the installer only from a trusted package/source and prefer manual installation if you do not want it to modify workspace files.
