Back to skill
Skillv1.0.0
VirusTotal security
Soul Searching · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:28 AM
- Hash
- dfb9d285ccdb087a4a336ae3059a455b02f79a6a470b02a74e781c46433712da
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: soul-searching Version: 1.0.0 The skill manages agent personalities by downloading and installing SOUL.md files from an external domain (soulsearching.ai). While the script logic in scripts/soul.sh is transparent and matches the stated purpose, it introduces a significant risk of remote prompt injection by fetching and activating untrusted instructions from a third-party source. The use of curl to fetch a JSON catalog and the subsequent writing of remote content directly into the agent's configuration (SOUL.md) constitutes a high-risk behavior without any verification or sanitization of the downloaded instructions.
- External report
- View on VirusTotal