ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawSouls

v0.6.3

Manage AI agent personas (Souls) for OpenClaw. Use when the user wants to install, switch, list, or restore AI personalities/personas. Triggers on requests l...

0· 942·1 current·1 all-time
byTom Jaejoon Lee@tomleelive
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (persona manager) align with the commands and files in SKILL.md (install, use, list, restore, validate souls). However the skill manifest declares no required binaries or config paths while the runtime instructions clearly require node/npm/npx and operate on workspace files (~/.openclaw or ~/.zeroclaw). The lack of declared runtime requirements is an inconsistency.
Instruction Scope
SKILL.md instructs the agent to run the clawsouls CLI (via npx or npm install) which will read/write workspace identity files (SOUL.md, IDENTITY.md, AGENTS.md, etc.), create backups, and may restart a gateway. Those actions are coherent with a persona manager, but they do imply the skill will access the user's home/workspace files and may perform network calls (registry, publish, login). The instructions do not request or declare credentials but reference login/publish flows that will require auth when used.
!
Install Mechanism
There is no install spec in the registry entry, and the SKILL.md recommends running npx --yes clawsouls or npm install -g clawsouls. Using npx (--yes) will fetch and execute code from the npm registry at runtime — this is functional but increases risk because remote code is executed transiently. The package.json inside the skill also depends on an external 'clawsouls' npm package, suggesting a non-trivial external code dependency that the skill itself does not install or pin.
Credentials
The skill declares no required environment variables or primary credential, which is fine for install/list/use flows. However several operations documented (publish, login, Level 3 tests that call LLM providers) will require credentials or tokens (registry auth, OpenAI/Anthropic/Ollama provider keys). Those are not declared in metadata; the absence of declared credential requirements is a transparency gap the user should be aware of.
Persistence & Privilege
always:false (normal). The skill does not request persistent/always-on presence and does not attempt to modify other skills or global agent settings in the files provided. The wrapper script simply delegates to the clawsouls CLI if present (or uses npx/node fallback).
What to consider before installing
This skill appears to implement a persona manager and generally does what it says, but proceed cautiously. Key considerations: - The skill executes the external 'clawsouls' npm CLI using npx (npx --yes), which will download and run code from the npm registry on demand — review the upstream clawsouls package (https://github.com/clawsouls / https://www.npmjs.com/package/clawsouls) before allowing that. - The skill’s manifest does not declare required binaries (node/npm/npx) or credentials, but SKILL.md expects them; ensure you have Node tooling and understand which tokens (registry or LLM provider keys) you will need for publish/test flows. - clawsouls commands will read and write workspace files in your home directory (~/.openclaw or ~/.zeroclaw) and may back up or overwrite persona-related files. If you care about safety, inspect or run the CLI in a sandbox or review its source before use. - If you only need read-only listing or browsing, prefer inspecting the registry (clawsouls.ai / GitHub) rather than running npx installs. If you must run the CLI, consider installing it explicitly (npm install -g clawsouls) or auditing the package contents / checksum first. - If you plan to publish/login, do not provide tokens until you review the publishing/auth flow and repository trustworthiness.

Like a lobster shell, security has layers — review code before you run it.

latestvk9722513bd65askefrnb11sxn582mkva

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments