ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Open Persona

v0.20.0

Meta-skill for building and managing agent persona skill packs (instruction-only; no bundled installer or auto-downloaded binaries). Credentials are never wr...

1· 969·0 current·0 all-time
byacnlabs@neiljo-gy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (meta-skill for creating/managing persona packs) matches the SKILL.md and references. The runtime instructions are limited to invoking CLIs (npx openpersona, optional clawhub/gh), generating persona files, and managing local state—all expected for this purpose. No unrelated credentials or binaries are demanded by the skill itself.
Instruction Scope
SKILL.md instructs the agent to run CLIs and to read/write persona pack files and local state (state.json, ~/.openpersona/*). It explicitly describes workspace digests, heartbeat summaries, and economy scripts that read local files. These behaviors are within the stated purpose but do grant the skill the ability to access local workspace data and run generated scripts; the documentation correctly advises manual review of generated code. Exercise caution before running generated scripts or invoking publish/install flows.
Install Mechanism
Instruction-only skill with no install spec and no bundled downloads. Runtime actions point to standard CLIs (npx, gh). There is no embedded installer that pulls arbitrary code at install time, which aligns with the declared 'instruction-only' installSurface.
Credentials
The skill itself declares no required env vars. The reference docs list optional provider API vars (ELEVENLABS_API_KEY, FAL_KEY, AVATAR_API_KEY, MEMORY_API_KEY, etc.) for faculties/skills that personas may include. That is appropriate for a meta-framework, but users must supply and protect those provider credentials when enabling associated faculties. The meta-skill promises not to embed secrets into generated packs, which is consistent with the docs — still, verify generated persona files before publishing.
Persistence & Privilege
always:false and no special persistence or elevated privileges are requested. The skill does not attempt to modify other skills or global agent config. It describes generated scripts and local state directories but does not force permanent inclusion.
Assessment
This meta-skill is coherent with its purpose: it guides you to generate, install, and publish persona skill packs via standard CLIs. Before you run anything you should: 1) review generated persona.json, SKILL.md, and any scripts (scripts/state-sync.js, economy-guard.js) before executing them; 2) be prepared to provide provider API keys only when you enable corresponding faculties (voice/selfie/avatar/memory) and keep those secrets in your host credential store; 3) understand that commands like `npx openpersona create --install`, `npx openpersona contribute`, and `gh` will perform network operations — run them only when you explicitly initiate them and trust the target repo; 4) avoid using publish/contribute flows without inspecting the commit/PR steps (the docs say they require explicit CLI invocation). These checks will minimize risk while allowing the skill to operate as intended.

Like a lobster shell, security has layers — review code before you run it.

latestvk9710jcsdgjqczp0p1v45bzehh83rf46

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧑 Clawdis

Comments