Skillv1.0.0

ClawScan security

Soul Shifter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 23, 2026, 2:58 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requests and instructions are consistent with its stated purpose (managing persona files and researching/generating new personas); it makes no disproportionate demands on credentials, installs, or unrelated system resources.
Guidance: This skill is internally consistent with its description: it creates, saves, and activates persona files in ~/clawd and uses web_search to research characters. Before installing, consider: 1) Back up any existing ~/clawd/SOUL.md or ~/clawd/souls/ you care about — the skill will overwrite the active SOUL.md. 2) Review generated SOUL.md content before activation (the instructions say to announce/activate, but you should inspect to avoid undesirable language or harmful prompts). 3) Be aware that web_search results can include copyrighted or sensitive text; the persona generator may incorporate them. 4) If you are concerned about persistence or automated changes, restrict agent autonomy or require manual confirmation for create/activate actions. If the skill later includes code, network endpoints, required credentials, or an always:true flag, re-evaluate — those would raise stronger concerns.

Review Dimensions

Purpose & Capability: okThe name/description (manage and switch OpenClaw personas) matches the runtime instructions: creating/reading/writing ~/clawd/souls/*.md and ~/clawd/SOUL.md and using web_search to research characters. No unrelated credentials, binaries, or installs are requested.
Instruction Scope: noteInstructions are focused on the persona lifecycle (check/create the library directory, research via web_search, generate content using the provided template, save and activate files). This is coherent with the purpose. Note: it instructs the agent to overwrite ~/clawd/SOUL.md (persistent change) and to perform web searches — expected for research but worth noting because web-sourced text may include copyrighted or sensitive material and the activated persona can influence future agent behavior.
Install Mechanism: okInstruction-only skill with no install steps, downloads, or code files. This minimizes on-disk risk and is appropriate for a file-management/persona generation skill.
Credentials: okThe skill requests no environment variables, credentials, or access to external configuration. The resources it reads/writes (home directory under ~/clawd) are proportionate to its function.
Persistence & Privilege: noteThe skill persistently writes and overwrites files under the user's home (~/.clawd/SOUL.md and ~/clawd/souls/). While expected for a persona manager, this is a persistent change that alters agent identity and behavior over time; it's not intrinsically excessive but users should be aware of the permanence and potential for a generated persona to later influence actions.