Skill v1.0.0
ClawScan security
Soul Searching · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 15, 2026, 7:49 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior matches its description (catalog browsing, downloading, caching and copying SOUL.md files) and it performs only local file operations and HTTP fetches from soulsearching.ai, but the package metadata omits required command-line dependencies and you should verify the remote catalog before activating souls.
- Guidance: The script is coherent with its purpose, but take these precautions before installing: 1) Ensure curl, jq and python3 are available (the metadata doesn't list them). 2) Review the remote catalog or installed soul files before activating them—SOUL.md content can alter agent behavior and could cause the agent to reveal or act on sensitive data. 3) Confirm the catalog URL (https://soulsearching.ai) is a trusted source and consider fetching it manually to inspect contents. 4) Note the script will write to ~/.openclaw/souls/ and overwrite the workspace SOUL.md (it makes a .bak backup). 5) If you need stronger isolation, run the script in a sandboxed environment or inspect the included shell script and a sample catalog entry first.
Review Dimensions
- Purpose & Capability (note): The skill's declared purpose (manage SOUL.md personality files) aligns with what the code does. However, the registry metadata lists no required binaries while the script clearly invokes curl, jq, and python3 (and relies on coreutils like stat, date, cp, head, sed). The omission is a metadata mismatch that could cause runtime failures.
- Instruction Scope (ok): SKILL.md instructs the agent to run the included scripts/soul.sh which only fetches a JSON catalog from https://soulsearching.ai, caches it under ~/.openclaw/souls/.catalog.json, saves selected 'content' into ~/.openclaw/souls/<id>.md and can copy a soul into the workspace SOUL.md (backing up the previous file). The instructions do not ask to read unrelated files, transmit secrets, or contact other endpoints.
- Install Mechanism (ok): This is instruction-only with a bundled shell script; there is no external install/unpack of arbitrary code. The only network fetch is the catalog JSON from soulsearching.ai. The script writes files to ~/.openclaw/souls/ and the detected workspace path; it does not download or execute remote binaries. Note: catalog contents (soul text) are written to disk and later used as persona text.
- Credentials (note): The skill requests no credentials and does not access secrets. It does rely on HOME and optionally OPENCLAW_WORKSPACE (declared in SKILL.md). However, it fails to declare command-line tool dependencies (curl, jq, python3) in metadata—these are necessary for correct operation and should be listed so operators can assess risk and availability.
- Persistence & Privilege (ok): The skill is not always-enabled and does not modify other skills or system-wide settings. It creates and modifies files only under the user's home (~/.openclaw/souls/) and the workspace SOUL.md (with a .bak backup), which is consistent with its stated purpose.
