Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Westworld Reverie - Self-evolving character
v1.0.3Workspace memory and persona management subroutine. Manages three user-owned workspace files (MEMORY.md, SOUL.md, IDENTITY.md) to maintain session continuity...
⭐ 0· 30·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with the actual actions: the skill reads/writes MEMORY.md, SOUL.md, IDENTITY.md and manages triggers and audit logs. However, the SKILL.md claims a mandatory 'install-time security profile' selection even though the skill is instruction-only with no install spec or UI; also the document header/version inside files (v1.0.1) doesn't match the registry version (1.0.3). These are inconsistencies but could be benign (documentation drift).
Instruction Scope
The runtime instructions are explicit about limiting file I/O to workspace paths and about requiring confirmations for SOUL/IDENTITY writes. That is coherent with the stated purpose. However the instructions repeatedly assert 'no network calls' and that 'ALL other paths: ACCESS DENIED' — enforcement is said to depend on the host sandbox. Because this is an instruction-only skill, those protections are procedural (not enforced by package code), so the actual safety depends on the host platform honoring the constraints. The skill will modify sensitive identity/persona files (intended) — enabling any auto-triggers increases risk and should only be done with platform guarantees.
Install Mechanism
No install spec or code is present (lowest install risk). The oddity: SKILL.md requires an install-time security-profile selection, but no installer or UI is provided by the skill to implement that, so the requirement relies on the registry/platform or user to enforce it. This mismatch is a governance/UX concern.
Credentials
The skill requests no environment variables, no binaries, and no external credentials. That is proportionate to its stated purpose of managing workspace files.
Persistence & Privilege
always is false and auto-triggers are default-off. The skill can run autonomously if a user enables triggers (normal for skills). It writes to workspace files and an audit log inside the workspace only. The main persistence/privilege risk is user-enabled triggers combined with lack of enforced sandboxing.
What to consider before installing
This skill operates on highly sensitive workspace identity files but is instruction-only (no code, no env vars). Before installing or enabling: 1) Backup MEMORY.md, SOUL.md, IDENTITY.md. 2) Verify your host enforces sandboxing (prevents outbound network calls and prevents file access outside the workspace); the SKILL.md's restrictions are procedural and rely on the host. 3) Ask the publisher for provenance (source code or homepage) — currently unknown. 4) Do not enable idle/cron triggers or the 'High Autonomy' profile until you trust the skill and the platform's sandboxing/audit controls. 5) The documentation has small inconsistencies (version mismatch, 'mandatory install-time selection' with no installer); treat these as signals to request clarification. If the platform can guarantee no network access and enforces path restrictions, the skill is more acceptable; without those guarantees, avoid enabling autonomous triggers or granting it broad autonomy.Like a lobster shell, security has layers — review code before you run it.
latestvk97fg8p4kdz4pngmsw8tt7brtd84878k
License
MIT-0
Free to use, modify, and redistribute. No attribution required.