Neon Soul 0.4.5

Security checks across malware telemetry and agentic risk

Overview

The skill largely does what it says, but it also reads broad personal context and automatically commits generated identity content to git without clearly disclosing that side effect.

Install only if you are comfortable with local code that reads memory files, USER.md/interviews, and OpenClaw session logs and then persists summarized identity data. Run a dry run first, review the generated SOUL.md and .neon-soul provenance, avoid running it inside a git repository unless you want SOUL.md committed, and enable cron only if you want ongoing automatic synthesis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The pipeline automatically stages and commits the generated SOUL.md when inside a git repo, which is unrelated to the minimum required task of synthesis and creates an unexpected side effect on the user's version-control state. This can leak sensitive synthesized identity material into repository history and remote sync workflows, especially when users do not expect a content-generation tool to mutate git state.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The rollback command restores a backup over the current SOUL.md, directly overwriting current content. Even though this is user-invoked functionality, bundling destructive overwrite behavior into the same skill increases risk of accidental data loss or misuse by higher-level agents that call the CLI programmatically.

Missing User Warnings

Medium
Confidence: 90%
Finding
Using --force bypasses confirmation and allows immediate overwrite of SOUL.md, which is a destructive action. In an agent skill context, non-interactive flags are especially risky because an upstream agent or automation layer may invoke them without a human seeing the warning, leading to silent loss of current state.

VirusTotal

VirusTotal findings are pending for this skill version.
