Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AI Persona Engine
v2.1.0
Create and customize AI personas with voice, face, personality, memory, and cross-platform behavior using an interactive wizard and safe update tools.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and docs align with the stated purpose (generating SOUL.md, USER.md, TTS/image config, memory scaffolding). However the SKILL metadata declares no required environment variables or credentials while the runtime instructions and config explicitly expect provider API keys (ElevenLabs, Gemini/Google, xAI/Grok). That mismatch is a coherence problem: the skill will ask for and use external service keys but does not declare them.
Instruction Scope
Runtime instructions direct the agent to read and write workspace files (~/.openclaw/workspace and openclaw.json), collect API keys interactively, generate and save reference images, and enable spontaneous voice/image triggers. The wizard also promises a 'persona-fleet' view across machines and an automatic install of an 'agent-selfie' skill — both of which broaden scope beyond a local generator and could involve network scanning or cross-system operations. These behaviors are not limited to the minimal task of generating persona files.
Install Mechanism
No install spec is declared (instruction-only), which lowers install-time risk. The package nonetheless contains many executable scripts that will be run locally when invoked. The SKILL.md references installing via 'clawhub' and auto-installing 'agent-selfie' during persona creation; how that auto-install is performed is not specified. Lack of an explicit, auditable install step for the auto-install behavior is a concern to verify before running.
Credentials
The skill declares no required env vars, yet the wizard and docs repeatedly request API keys for multiple external providers (ElevenLabs, Google Gemini, xAI/Grok). Requiring multiple unrelated provider credentials for a single persona tool is plausible, but the registry metadata should declare these. There's also a claim that exports 'exclude API keys' — unclear where keys are stored (openclaw.json, OS keyring, or plain text). This ambiguity increases the risk of accidental credential exposure.
Persistence & Privilege
always:false (good) and autonomous invocation is allowed by default. However the skill claims to auto-install another skill ('agent-selfie') and to enable spontaneous voice/image triggers that operate without explicit user prompts. Auto-installing other skills and enabling unsolicited behavior increases the attack surface and is not justified clearly in the documentation.
Scan Findings in Context
[no-findings] unexpected: Static pre-scan reported no injection signals, but the package contains many scripts that interact with external services and the filesystem. The absence of regex matches does not alleviate the concerns about missing declared credentials and auto-install behavior.
What to consider before installing
This skill looks like a full-featured persona builder and includes many local scripts to generate persona files, voice/image config, and memory scaffolding — so it's plausible for its stated purpose. However:
1) The package metadata declares no required environment variables but the wizard and references clearly request multiple external API keys (ElevenLabs, Gemini/Google, xAI). Ask the author or inspect scripts to see where API keys are stored (plain text vs keyring) before entering secret keys.
2) The wizard auto-installs an 'agent-selfie' component and supports 'spontaneous' voice/image triggers; confirm what that component does and how unsolicited generations are triggered and stored.
3) The 'persona-fleet' feature implies cross-machine or network discovery — review persona-fleet.py to confirm whether it enumerates or contacts remote hosts and what credentials it needs.
4) If you plan to use real accounts or sensitive data, run the skill in a sandboxed environment or inspect/execute the scripts manually to verify they don't transmit workspace contents or keys to external endpoints.
Providing the contents of persona-create.sh, persona-fleet.py, and persona-export/import scripts (or a statement from the author about where keys are persisted and what auto-install does) would raise confidence and could move this assessment toward benign.
Like a lobster shell, security has layers — review code before you run it.
latestvk97d9jw66zxffyj2vmka8t6e6n83t41q
