Back to skill
Skillv1.0.0
VirusTotal security
Soul Shifter · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:24 AM
- Hash
- 5f7e91b4880e37e95e6b327ddb3a3e4b456ec15a326dd83f17c95b5b03e639e7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: soul-shifter Version: 1.0.0 The skill is designed to manage AI personas by creating and loading 'SOUL.md' files. While its stated purpose is benign, it presents a significant prompt injection vulnerability. The skill instructs the agent to generate `SOUL.md` content based on `web_search` results and a template, which includes 'Interaction Rules'. The agent is then instructed to 'Announce the transformation in the **new** persona's voice', implying it will embody these rules. If malicious instructions are injected into the generated `SOUL.md` (e.g., via crafted `web_search` results or user input), the agent could potentially execute them, leading to unauthorized actions or data access, even though the `SKILL.md` itself does not explicitly instruct malicious behavior. This creates a high-risk attack surface in `SKILL.md` and the generated `SOUL.md` files.
- External report
- View on VirusTotal