openclaw-soul-forge
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is the generation of text-based blueprints and configuration files (SOUL.md, IDENTITY.md) based on user interaction and local templates.
- [COMMAND_EXECUTION]: The skill executes a local Python script,
gacha.py, to facilitate a 'gacha' randomization feature. Technical review of the script confirms it only contains logic for selecting strings from hardcoded lists using the standard library and does not perform network requests or unauthorized file system access. - [EXTERNAL_DOWNLOADS]: The skill includes references to an optional external dependency (
baoyu-image-gen) and links to official GitHub repositories for documentation and asset display. These are documented for user convenience and do not involve hidden or malicious download behavior. - [DATA_EXFILTRATION]: There is no evidence of the skill attempting to access sensitive local files, credentials, or environment variables. All network-related content is limited to static URLs for project resources and documentation.
Audit Metadata