The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the Bash tool to execute various CLI commands including npx openpersona, npx clawhub, openclaw, and gh. These commands are used for persona creation, installation, registry management, and GitHub contributions.
[EXTERNAL_DOWNLOADS]: The skill frequently uses npx to download and run packages from the NPM registry at runtime, such as openpersona, clawhub, and @agentplanet/acn. These are identified as vendor-owned resources for acnlabs.
[REMOTE_CODE_EXECUTION]: The use of npx for vendor tools constitutes remote code execution of packages downloaded from a public registry. This is a primary function of the meta-skill for managing the persona ecosystem.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its search and recommendation features.
Ingestion points: The skill fetches data from external registries via npx clawhub search and WebFetch to the skills.sh API.
Boundary markers: No specific delimiters or "ignore instructions" warnings are documented for the ingestion of external skill metadata during search.
Capability inventory: The skill possesses Bash execution, Write access to the filesystem (to create skill packs), and Read access.
Sanitization: There is no explicit mention of sanitizing or validating descriptions and names returned from external registries before they are incorporated into generated SKILL.md files.
[DYNAMIC_EXECUTION]: The skill dynamically generates persona skill packs, which include JavaScript files (scripts/state-sync.js) and markdown instructions (SKILL.md). These are created based on user input and templates.

open-persona