consciousness-soul-identity
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local script
scripts/neon-soul.mjsusing Node.js to perform the synthesis logic. It also provides instructions for establishing persistence by adding a scheduled task through theopenclaw croncommand.\n- [DATA_EXFILTRATION]: The skill accesses sensitive file paths including the user'smemory/directory and agent session logs at~/.openclaw/agents/main/sessions/*.jsonl. This involves reading private interaction history and agent memory to extract behavioral patterns for identity synthesis.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from memory files and session logs that are subsequently processed by an LLM.\n - Ingestion points: Files in the
memory/directory and agent session logs at~/.openclaw/agents/main/sessions/.\n - Boundary markers: No specific delimiters or instructions to ignore embedded commands were identified in the logic or documentation.\n
- Capability inventory: The skill executes local shell commands via Node.js and has the ability to read and write to the local file system.\n
- Sanitization: No validation, sanitization, or filtering of the memory or log content is described before it is passed to the synthesis engine.
Audit Metadata