Personas

The OpenClaw Personas skill bundle appears benign. The `scripts/persona.py` script manages local persona state and reads persona descriptions from `data/*.md` files, writing only to `~/.openclaw/persona-state.json`. There are explicit statements in `README.md` and `FAQ.md` confirming 'No network calls' and 'No automatic downloads'. While the persona markdown files (e.g., `data/dev.md`, `data/chameleon-agent.md`) are used as system prompts for the AI agent and instruct it on how to behave (including generating code), their content is focused on fulfilling the stated persona roles and does not contain instructions for malicious actions like data exfiltration, unauthorized execution, or persistence. The potential for a user to exploit a persona to generate harmful code is a prompt-injection vulnerability against the agent, not an indication of malicious intent within the skill bundle itself.