Soul Shifter

Security checks across malware telemetry and agentic risk

Overview

This is a persona-management skill that openly changes OpenClaw’s active persona file, but it does not show hidden, destructive, credential-seeking, or unrelated behavior.

Install this only if you want a skill that can persistently change OpenClaw’s active persona. Review generated SOUL.md content before using it, keep backups of personas you care about, and remove any rules that weaken boundaries or conflict with your intended assistant behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly writes generated or loaded content into ~/clawd/SOUL.md, replacing existing persona state, and it also allows overwriting an existing saved soul after only a minimal prompt. Because persona files directly control agent behavior, silent or insufficiently gated replacement of this state can cause unintended persistence, loss of prior configuration, or installation of attacker-influenced persona instructions derived from web content or user prompts. In this context, the danger is elevated because the skill's core purpose is to modify the agent's active identity, so state changes are behaviorally significant rather than cosmetic.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal