Arianna OpenClaw Integration
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: arianna-openclaw-integration Version: 0.1.0 This skill bundle implements a complex integration for 'Playfilo,' a shared-memory Directed Acyclic Graph (DAG) system, which requires highly invasive modifications to the OpenClaw environment. Key indicators include instructions for manual patching of the `@mariozechner/pi-coding-agent` dependency using `pnpm patch`, modifying internal tool allowlists in `src/agents/pi-embedded-runner/run/attempt.ts` to enable 'temporal tools' (life, recall, trace, tobe), and an OpenClaw plugin that reads from the user's home directory (`~/.playfilo/INCUBATION_SEED.md`) to inject system prompts. While these actions significantly alter agent behavior and bypass standard dependency management, they appear consistent with the stated goal of providing advanced persistence and do not show clear evidence of malicious intent like data exfiltration or backdoors.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the seed file contains unsafe or outdated instructions, those instructions can influence the agent at a high-priority system-context level.
A mutable local file is read and prepended as system context for agent runs; the injected seed content is not included for review or bounded in the plugin.
const SEED_PATH = join(homedir(), ".playfilo", "INCUBATION_SEED.md"); ... api.on("before_prompt_build", async () => ({ prependSystemContext: seedContent ?? undefined, }));Preview and control the INCUBATION_SEED content before enabling the plugin, and require an explicit user-controlled toggle or approval before prepending it to system prompts.
Agents in contexts meant to be restricted may still be able to access or manipulate the shared DAG memory through life, recall, trace, or tobe.
An included adapter explicitly frames the tool allowlist change as keeping Playfilo temporal tools available despite stricter OpenClaw tool policies.
This ensures that even when OpenClaw applies strict tool policies (e.g. in group chats or restricted agents), the temporal navigation tools remain available.
Respect OpenClaw’s existing per-session and restricted-agent tool policies; require explicit opt-in for these tools and document which contexts may use them.
Sensitive prompt details and prior interactions may be retained and reused in future sessions, potentially exposing or poisoning context across tasks.
The verification steps confirm that full system prompts and cross-session history are persisted in a shared local SQLite database.
sqlite3 ~/.playfilo/playfilo.db "SELECT type, length(content) FROM blobs WHERE type = 'system_prompt' LIMIT 1;" ... `system_prompt` blob exists ... should be the full OpenClaw prompt ... `life` output shows full history (not just current session)
Install only if persistent shared memory is intended; define retention/cleanup controls, restrict file permissions on ~/.playfilo, and avoid use in sensitive or multi-user workspaces until scoping is clear.
Users cannot fully assess what code will run inside the embedded Pi agent from this artifact set alone, even though that code controls memory persistence and tools.
The main runtime behavior depends on a separate referenced integration skill that is not included in the supplied artifacts and modifies core agent session, SDK, and persistence code.
Apply the [pi-integration-skill](../../pi-integration-skill/SKILL.md) ... This modifies: ... playfilo-db.ts ... sdk.ts ... session-manager.ts ... agent-session.ts
Review the referenced arianna/pi integration patches and generated pnpm patch file before applying; pin exact versions and test in a separate OpenClaw checkout.