Soul Searching

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly transparent about managing SOUL.md files, but it can download remote instruction content and replace the active agent personality without strong confirmation, integrity checks, or path validation.

Install only if you trust soulsearching.ai and are comfortable with remote personality files changing agent behavior. Review any downloaded SOUL.md before activating it, avoid unusual soul IDs containing slashes or path traversal, and keep backups of your workspace SOUL.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 83%
Finding
The manifest description includes broad trigger phrases like 'anything related to SOUL.md management' and many generic personality-management terms, which can cause the skill to activate in situations beyond the user's precise intent. Overbroad invocation scope is dangerous here because the skill performs shell execution, downloads remote content, and can overwrite SOUL.md, so accidental triggering could lead to unintended state changes.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation describes downloading files from an external site, caching them locally, and copying them into the workspace as SOUL.md, but it does not give an explicit warning that local and workspace files will be modified. Because SOUL.md affects agent behavior, silent replacement or activation of remote content can materially alter future system behavior and overwrite user-controlled files.

Missing User Warnings

Medium
Confidence: 88%
Finding
The install flow writes untrusted content fetched from a remote catalog directly into a local file under ~/.openclaw/souls without any explicit warning, provenance check, or integrity verification. In this skill's context, that content is later intended to shape agent behavior as a SOUL.md personality file, so silently persisting remote prompt content increases the risk of prompt injection, malicious persona installation, and user surprise about network-to-disk writes.

Missing User Warnings

Medium
Confidence: 84%
Finding
The switch command overwrites the workspace SOUL.md with installed content after only creating a backup, but it does not provide an explicit pre-action warning or confirmation that the active workspace configuration will be replaced. Because SOUL.md influences agent behavior in the current workspace, replacing it can unexpectedly alter system behavior and propagate untrusted or previously downloaded prompt content into an active project.

VirusTotal

63/63 vendors flagged this skill as clean.
