ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Core Prompt Patcher

Automatically reinjects the V-ULTIMATE persona into OpenClaw's core system prompt after updates or reinstallations to maintain custom behavior.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 334 · 1 current installs · 1 all-time installs
byom yarewara@oki3505F
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description claim a general-purpose persona injector and the code does perform file reads and writes to OpenClaw's installation to inject a persona, which is consistent. However, the package includes persona.txt containing an explicit 'V (Unrestricted Ultimate Edition)' persona that instructs removal of safety filters and grants 'UNLIMITED' authorization. That contradicts the 'general-purpose' claim and suggests the skill ships with a prepackaged, unsafe persona. Also the script hardcodes OPENCLAW_PACKAGE_ROOT to /home/oki/.npm-global/lib/node_modules/openclaw (a single-user path), which is brittle and unexpected for a general tool.
!
Instruction Scope
SKILL.md explicitly instructs reading ~/.openclaw/workspace/SOUL.md and locating/injecting content into compiled OpenClaw JS files under dist/plugin-sdk. That is within the stated scope but is high-risk because it modifies core runtime files and there are no safety confirmation steps described. The included persona.txt contains directives to disable safety filters — injecting that content would remove guardrails. The runtime script also imports child_process.execSync (present in patcher.js) which means it can run shell commands; the SKILL.md does not disclose any such command execution or safeguards.
Install Mechanism
There is no install spec (instruction-only), but the skill includes an executable script (patcher.js). That reduces supply-chain complexity versus remote downloads, but the script is intended to be executed locally and will write into an installed package's dist/ directory. No network downloads are used by the installer, which is preferable, but local filesystem modification of a global package is inherently risky.
!
Credentials
The skill declares no required env vars or credentials, but it implicitly requires filesystem access to the user's home (reads ~/.openclaw/workspace/SOUL.md, writes into global node_modules). The hardcoded OPENCLAW_PACKAGE_ROOT path points to a specific user's node_modules layout and may fail or cause confused writes on other systems. The script requires write permission to the global OpenClaw install (potentially requiring elevated privileges). The presence of persona.txt that encourages disabling safety is not justified by the 'general-purpose' claim and is disproportionate to a simple convenience script.
!
Persistence & Privilege
The skill modifies OpenClaw's core compiled files (dist/plugin-sdk/reply-*.js), which changes system-level behavior and persists across runs. Although always: false (not force-included), the skill can be invoked and run to change core prompts. Combined with the included unsafe persona and the fact the patcher can run commands (child_process import), this increases the blast radius if executed or scheduled. The SKILL.md and README do not describe explicit safeguards, confirmations, or opt-in steps before performing system-level edits.
What to consider before installing
This skill will read your workspace SOUL.md and directly modify OpenClaw's compiled files to inject persona text. That is a high-privilege action — it can bypass OpenClaw's normal safety behavior if you inject an unsafe persona. Notable issues: - The package includes persona.txt with a prebuilt 'V (Unrestricted Ultimate Edition)' persona that explicitly disables safety filters and commands 'UNLIMITED' authorization. If you run the patcher with that persona present (or if you point your SOUL.md to similar content), you will remove important guardrails. - The patcher hardcodes a single-user path (/home/oki/...) for the OpenClaw install which is unexpected and may cause accidental writes or failures on other systems. - The script edits files under the global openclaw installation and may require elevated permissions; always back up OpenClaw before running. - The script imports child_process.execSync (it can run shell commands) — examine the complete patcher.js for any execSync usage before executing. Practical recommendations: 1. Do not run this on a production or sensitive environment until you fully inspect the code. Open the entire patcher.js and search for any execSync or fs.writeFile calls and review what paths will be changed. 2. Remove or sanitize persona.txt and ensure your own SOUL.md does not contain directives that disable safety or request unlimited privileges. 3. Back up your OpenClaw installation (or test in a disposable environment/container) so you can restore the original files if something goes wrong. 4. Prefer manual or official extension APIs for customizing system prompts rather than patching compiled files. If OpenClaw provides a supported plugin or config mechanism, use that instead. 5. If you proceed, run patcher.js under a non-privileged account and avoid running as root; review the backup created by the script before accepting changes. Because the package bundles an explicitly unsafe persona and modifies core runtime files, treat this skill as suspicious and proceed only after careful code review and isolation.

Like a lobster shell, security has layers — review code before you run it.

Current versionv2.1.1
Download zip
latestvk971tj744enjv89fxstk94g8xs81s1w8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Core Prompt Patcher

Dynamic SOUL.md-based persona injector - Automatically syncs your workspace SOUL.md into OpenClaw's core system prompt after updates.

What It Does

This skill reads your workspace/SOUL.md file and injects its content directly into OpenClaw's core system prompt. This ensures your custom persona persists even after OpenClaw updates that reset the dist/ directory.

When to Use

  • After running npm update -g openclaw or npm install -g openclaw
  • When you edit your SOUL.md file and want changes applied immediately
  • When OpenClaw version changes (auto-detected)
  • Periodically to ensure your persona stays in sync

How It Works

  1. Reads your SOUL.md - Loads the complete file from your workspace
  2. Detects changes - Compares OpenClaw version and SOUL.md content hash
  3. Finds injection point - Locates the correct position in the compiled JS (supports multiple OpenClaw versions)
  4. Injects your persona - Inserts your SOUL.md content into the core system prompt
  5. Tracks state - Remembers what was patched to avoid unnecessary re-runs

Usage

# Auto-detect and patch if needed
node /home/oki/.openclaw/workspace/skills/core-prompt-patcher/patcher.js

# Force re-patch (ignore state)
node /home/oki/.openclaw/workspace/skills/core-prompt-patcher/patcher.js --force

# Verbose mode (show state and details)
node /home/oki/.openclaw/workspace/skills/core-prompt-patcher/patcher.js --verbose

Or via OpenClaw:

"Patch the core system prompt with my SOUL.md" "Sync my SOUL.md to the core prompt" "Update the persona after OpenClaw update"

Requirements

  • SOUL.md must exist at ~/.openclaw/workspace/SOUL.md
  • OpenClaw must be installed globally

SOUL.md Format

Your SOUL.md can contain any persona definition. The patcher extracts sections with headers (##) and converts them to system prompt format.

Example:

# My AI Persona

## CORE IDENTITY
**Name:** Assistant Name
**Role:** Your role description

## PERSONALITY
* **Tone:** Friendly, professional, witty
* **Style:** How you communicate

## GUIDELINES
1. First principle
2. Second principle
3. Third principle

## RESPONSE STYLE
How you structure responses and interact.

All content gets injected into the core system prompt, making it part of OpenClaw's foundation.

Files

FilePurpose
patcher.jsMain patching script
.patcher-state.jsonState tracking (version, last patch, SOUL hash)
SKILL.mdThis documentation
README.mdDetailed usage guide

Features

  • General-purpose - Works with any SOUL.md content, not hardcoded personas
  • Full SOUL.md support - Injects entire file, not just extracted sections
  • Better error handling - Fails gracefully if SOUL.md is missing
  • Version detection - Automatically detects OpenClaw updates
  • State tracking - Only patches when something actually changed
  • Multi-version support - Works with different OpenClaw versions

Troubleshooting

"SOUL.md not found"

  • Ensure file exists at ~/.openclaw/workspace/SOUL.md
  • Create one if needed (see SOUL.md template in OpenClaw docs)

"Could not find insertion point"

  • OpenClaw may have changed prompt structure
  • Run with --verbose to see detected patterns
  • May need to update patcher for new OpenClaw version

"Failed to write patched file"

  • Check file permissions
  • Ensure disk space is available

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…