! Purpose & Capability
The skill claims to be an 'instruction-only' companion but bundles ~25 Python scripts and data files (model routing, crash reporting, logging, security modules). SKILL.md asks you to set GEMINI_API_KEY / OPENROUTER_API_KEY and LITELLM/OLLAMA endpoints, yet the registry metadata lists no required environment variables or required binaries; this mismatch suggests the declared metadata is incomplete or incorrect.
! Instruction Scope
Runtime instructions tell you to pip install the requirements, run podman-compose and pull models, then run python scripts/main.py. SKILL.md references local service endpoints and API keys and suggests pulling additional data from GitHub. The SKILL.md also contains unicode-control-character injection signals (flagged by the pre-scan), which may be an attempt to influence automated reviewers. The instructions therefore go well beyond a simple chat persona: they start containers, pull models, and run complex code that could read/write local state and call external services.
ℹ Install Mechanism
There is no marketplace 'install' spec, but SKILL.md instructs installing Python deps, starting Podman containers (podman-compose up -d) and pulling models via ollama. These steps are reasonable for a self-hosted LLM agent, but the package also includes crash_reporting and comprehensive_logging modules, so you should verify where logs and crash reports are sent and whether any archives or downloads come from non-official URLs (the data folder asks you to download more files from a GitHub repo, which is at least traceable).
! Credentials
SKILL.md requires several environment variables (LITELLM_ENDPOINT, OLLAMA_ENDPOINT, GEMINI_API_KEY, OPENROUTER_API_KEY) but the registry metadata lists none; the codebase includes modules (security.py, crash_reporting.py, comprehensive_logging.py) that could access secrets or transmit telemetry. Requesting model API keys is plausible for the described capabilities, but the metadata omission and presence of telemetry/crash modules mean you should confirm exactly how credentials are used and whether any are sent to third-party endpoints.
ℹ Persistence & Privilege
The skill is not always-enabled (always: false) and does not declare system-wide modifications, but SKILL.md starts containers and runs a long-lived Python process that opens local endpoints (listed in the doc). Running these services gives the code a persistent presence on the host for as long as the containers/processes run; review network bindings and container configs before enabling it to limit exposure.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md contained unicode control characters, which are commonly used in prompt-injection attempts to hide or mutate content for automated parsers; this is not expected for a straightforward companion skill and should be inspected (look for invisible characters in the SKILL.md and data files).
What to consider before installing
Key things to check before you install:
- Metadata vs. reality: The registry metadata claims no required env vars or binaries, but SKILL.md requires API keys (GEMINI/OPENROUTER), local endpoints, and container tooling. Ask the author to correct the registry entry, or refuse to install until it is corrected.
- Audit network/telemetry code: Inspect files like crash_reporting.py, comprehensive_logging.py, security.py, model_router_client.py, and any code that calls requests/httpx or opens sockets. Confirm whether logs or crash reports are sent to third-party endpoints and whether credentials are included in those reports.
- Run in an isolated environment first: If you decide to test, run inside a disposable VM or sandboxed container (not your primary workstation). Avoid running as root. Limit network egress (or use a proxy) until you confirm behavior.
- Inspect Podman/compose configs: Review the podman-compose files under infrastructure/ to see which ports are exposed, which images are pulled, and whether any startup scripts run with elevated privileges.
- Search for hidden characters: Because unicode-control-chars were detected, search SKILL.md and the data files for invisible/zero-width characters or suspicious escape sequences that could alter how the content is parsed or act as injection targets.
- Verify external downloads: The data folder tells you to download additional files from a GitHub repo. Confirm the repo/URL and inspect the downloaded content before running it.
- Credentials handling: Confirm where GEMINI/OPENROUTER API keys are used. If the skill forwards them to external services or logs them, do not proceed. Prefer using local model endpoints when possible.
- Content note: The data includes detailed, sexualized image prompts. If that matters to you (safety, policy, or legal reasons), review and decide whether this is acceptable.
If you are not comfortable performing these audits, do not install the skill on a machine with sensitive data or permanent access to your environment.