Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Persona Skill
v1.2.1
Handles persona lifecycle management. Use it to (1) Initialize or reinitialize an OpenClaw persona after human-MTBI interview, or (2) Perform incremental pro...
by 🦄9527 @tower1229
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description require Node and local file I/O which matches the included assets and templates. However several scripts (scripts/sync-local-openclaw.mjs, scripts/sync-wsl.mjs, scripts/smoke-persona-openclaw.mjs) imply syncing with local/WSL environments or running smoke tests — capabilities that go beyond the purely in-repo read/write described in SKILL.md and may not be strictly necessary for persona drafting.
Instruction Scope
SKILL.md is reasonably scoped and explicitly limits reads/writes to repository persona files and reference assets. It also mandates overwriting five persona files and doing so without waiting for explicit user confirmation after review. That write-without-user-confirmation behavior and the instruction to run node/Bash tools create a risk if the included scripts are executed, since the document doesn't reference or constrain those scripts.
Install Mechanism
No install spec (instruction-only) — lower supply-chain risk — but the repository includes multiple Node scripts which the agent is allowed to run (allowed-tools indicates Bash/node). Because no explicit install or provenance is defined, executing those scripts would run code from the skill bundle as-is; their presence increases runtime risk compared with a pure-prose skill.
Credentials
The skill requests no environment variables or external credentials, which is proportionate to a local persona-initialization tool. This is a positive signal.
Persistence & Privilege
always:false and no config-path requirements; the skill does not request forced persistent inclusion or escalated platform privileges. The only privilege concern is that SKILL.md instructs writing files without further user confirmation once drafts pass audit.
What to consider before installing
This skill appears to be a coherent persona-initialization tool on paper, but exercise caution before allowing it to execute code. Specifically: (1) Review the included Node scripts (especially scripts/smoke-persona-openclaw.mjs, scripts/sync-local-openclaw.mjs, scripts/sync-wsl.mjs) to confirm they only operate on the declared persona files and do not read arbitrary system paths, network endpoints, or attempt to access credentials. (2) Note the SKILL.md says it will write five files and may do so without asking the user again after its internal audit — if you want explicit control, require confirmation before allowing writes. (3) Run the skill in a sandboxed environment or with restricted agent permissions until you’ve audited the scripts for network calls and filesystem access. (4) If you cannot inspect the scripts, treat execution as higher risk and avoid granting it the ability to run node/Bash on your system.
scripts/smoke-persona-openclaw.mjs:351
Shell command execution detected (child_process).
scripts/sync-local-openclaw.mjs:11
Shell command execution detected (child_process).
scripts/sync-wsl.mjs:18
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
latest vk97bq44ne2p1j1vh57wy75zfx5842yge
Runtime requirements
🫧 Clawdis
Bins: node
