ClawHub

ReSoul

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly disclosed reset helper that fetches OpenClaw’s official bootstrap file and archives local persona files after explicit confirmation.

Install only if you want a full OpenClaw persona/bootstrap reset. Before running it, verify the workspace path and give the required explicit second confirmation; it will move SOUL.md, USER.md, and IDENTITY.md into .trash and replace BOOTSTRAP.md with the current file from GitHub.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill invokes shell execution via a bundled script and fallback shell commands, but no permissions are declared. That creates a capability/authorization mismatch: a reviewer or runtime may underestimate what the skill can do, even though it can fetch remote content and modify workspace files. In a reset skill, undeclared shell access is especially risky because the behavior is destructive and network-enabled.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script restores BOOTSTRAP.md by downloading live content from GitHub rather than using a pinned, local, or integrity-verified artifact. That creates a supply-chain and trust-boundary risk: a reset operation that should be deterministic can instead import whatever content is currently served at the remote URL, including compromised, changed, or unexpected bootstrap instructions.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill performs outbound network access during a persona-reset workflow, which is broader capability than users would typically expect from a local reset helper. This expands the attack surface by allowing remote content retrieval and dependency on external availability, and in this context the fetched content is then written into a trusted local bootstrap file.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal