OpenClaw Agency Agents

The skill manages AI personas by cloning an external GitHub repository (jnMetaCode/agency-agents-zh) and overwriting the agent's core configuration files (SOUL.md, IDENTITY.md, AGENTS.md). A vulnerability exists in scripts/activate.sh where the script extracts descriptions from external markdown files and inserts them into a shell heredoc (cat << EOF) without escaping; this allows for potential command injection if the source files contain shell-style variable expansion or command substitution (e.g., $(command)). While these behaviors align with the stated purpose of persona management, the combination of external content fetching and unsafe shell operations represents a significant security risk.