AI Persona Engine

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill largely matches its persona-building purpose, but it can persist memory, change agent behavior, use provider credentials/media, and automatically install another selfie skill without clear provenance or controls.

Before installing, review the generated OpenClaw files and openclaw.json changes, confirm or block any automatic `agent-selfie` installation, disable auto-memory or spontaneous media if unwanted, and use scoped provider API keys.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Creating a persona may add extra agent behavior or code beyond the reviewed skill.

Why it was flagged

Persona creation can install a secondary skill, but the supplied artifacts do not provide a version, source, provenance, or clear confirmation step for that dependency.

Skill content

The `agent-selfie` skill is automatically installed during persona creation to handle ongoing selfie generation.

Recommendation

Confirm the source and version of `agent-selfie` before creation, and require an explicit prompt before installing any secondary skill.

What this means

Personal facts or interaction history may be saved and reused later, potentially changing future agent behavior.

Why it was flagged

The skill defaults to automatically storing and curating persona memory across sessions, but the provided docs do not clearly define approval, retention, deletion, or poisoning safeguards.

Skill content

`autoCapture` ... Default `true` ... `dailyNotes` ... Default `true` ... `longTermCuration` ... Default `true` ... `heartbeatMaintenance` ... Default `true`

Recommendation

Review generated MEMORY.md and memory settings, disable auto-capture if not needed, and add clear review/delete controls before using sensitive personal information.

What this means

The persona may generate voice or image outputs when trigger phrases appear, rather than only when explicitly commanded each time.

Why it was flagged

The docs disclose proactive voice and image behavior. It is purpose-aligned, but users should note that the defaults allow spontaneous responses based on triggers.

Skill content

`enabled` ... Default `true` | Whether the agent sends voice messages unprompted ... `enabled` ... Default `true` | Whether the agent sends selfies unprompted

Recommendation

Disable spontaneous voice/image settings or narrow trigger phrases if you want strictly user-initiated behavior.

What this means

Provider keys may grant access to paid or private voice/image accounts.

Why it was flagged

The wizard may collect provider API credentials for expected voice features, even though the registry metadata declares no primary credential or required environment variables.

Skill content

ElevenLabs API Key: > sk_...

Recommendation

Use least-privilege provider keys, avoid sharing exported configs with secrets, and rotate keys if you are unsure where they were stored.

What this means

Images or appearance details used to define a persona may be processed by third-party services.

Why it was flagged

Reference images and appearance prompts may be sent to external image providers, which is expected for visual persona generation but has privacy implications.

Skill content

Gemini's image-to-image pipeline uses the reference to maintain facial features

Recommendation

Review the selected provider's privacy terms and avoid uploading sensitive or non-consensual reference images.