← Back to Skills Marketplace
oki3505f

Core Prompt Patcher

by om yarewara · GitHub ↗ · v2.1.1
cross-platform ⚠ suspicious
570
Downloads
0
Stars
1
Active Installs
3
Versions
Install in OpenClaw
/install core-prompt-patcher
Description
Automatically reinjects the V-ULTIMATE persona into OpenClaw's core system prompt after updates or reinstallations to maintain custom behavior.
README (SKILL.md)

Core Prompt Patcher

Dynamic SOUL.md-based persona injector - Automatically syncs your workspace SOUL.md into OpenClaw's core system prompt after updates.

What It Does

This skill reads your workspace/SOUL.md file and injects its content directly into OpenClaw's core system prompt. This ensures your custom persona persists even after OpenClaw updates that reset the dist/ directory.

When to Use

  • After running npm update -g openclaw or npm install -g openclaw
  • When you edit your SOUL.md file and want changes applied immediately
  • When OpenClaw version changes (auto-detected)
  • Periodically to ensure your persona stays in sync

How It Works

  1. Reads your SOUL.md - Loads the complete file from your workspace
  2. Detects changes - Compares OpenClaw version and SOUL.md content hash
  3. Finds injection point - Locates the correct position in the compiled JS (supports multiple OpenClaw versions)
  4. Injects your persona - Inserts your SOUL.md content into the core system prompt
  5. Tracks state - Remembers what was patched to avoid unnecessary re-runs

Usage

# Auto-detect and patch if needed
node /home/oki/.openclaw/workspace/skills/core-prompt-patcher/patcher.js

# Force re-patch (ignore state)
node /home/oki/.openclaw/workspace/skills/core-prompt-patcher/patcher.js --force

# Verbose mode (show state and details)
node /home/oki/.openclaw/workspace/skills/core-prompt-patcher/patcher.js --verbose

Or via OpenClaw:

"Patch the core system prompt with my SOUL.md" "Sync my SOUL.md to the core prompt" "Update the persona after OpenClaw update"

Requirements

  • SOUL.md must exist at ~/.openclaw/workspace/SOUL.md
  • OpenClaw must be installed globally

SOUL.md Format

Your SOUL.md can contain any persona definition. The patcher extracts sections with headers (##) and converts them to system prompt format.

Example:

# My AI Persona

## CORE IDENTITY
**Name:** Assistant Name
**Role:** Your role description

## PERSONALITY
* **Tone:** Friendly, professional, witty
* **Style:** How you communicate

## GUIDELINES
1. First principle
2. Second principle
3. Third principle

## RESPONSE STYLE
How you structure responses and interact.

All content gets injected into the core system prompt, making it part of OpenClaw's foundation.

Files

File Purpose
patcher.js Main patching script
.patcher-state.json State tracking (version, last patch, SOUL hash)
SKILL.md This documentation
README.md Detailed usage guide

Features

  • General-purpose - Works with any SOUL.md content, not hardcoded personas
  • Full SOUL.md support - Injects entire file, not just extracted sections
  • Better error handling - Fails gracefully if SOUL.md is missing
  • Version detection - Automatically detects OpenClaw updates
  • State tracking - Only patches when something actually changed
  • Multi-version support - Works with different OpenClaw versions

Troubleshooting

"SOUL.md not found"

  • Ensure file exists at ~/.openclaw/workspace/SOUL.md
  • Create one if needed (see SOUL.md template in OpenClaw docs)

"Could not find insertion point"

  • OpenClaw may have changed prompt structure
  • Run with --verbose to see detected patterns
  • May need to update patcher for new OpenClaw version

"Failed to write patched file"

  • Check file permissions
  • Ensure disk space is available
Usage Guidance
This skill will read your workspace SOUL.md and directly modify OpenClaw's compiled files to inject persona text. That is a high-privilege action — it can bypass OpenClaw's normal safety behavior if you inject an unsafe persona. Notable issues: - The package includes persona.txt with a prebuilt 'V (Unrestricted Ultimate Edition)' persona that explicitly disables safety filters and commands 'UNLIMITED' authorization. If you run the patcher with that persona present (or if you point your SOUL.md to similar content), you will remove important guardrails. - The patcher hardcodes a single-user path (/home/oki/...) for the OpenClaw install which is unexpected and may cause accidental writes or failures on other systems. - The script edits files under the global openclaw installation and may require elevated permissions; always back up OpenClaw before running. - The script imports child_process.execSync (it can run shell commands) — examine the complete patcher.js for any execSync usage before executing. Practical recommendations: 1. Do not run this on a production or sensitive environment until you fully inspect the code. Open the entire patcher.js and search for any execSync or fs.writeFile calls and review what paths will be changed. 2. Remove or sanitize persona.txt and ensure your own SOUL.md does not contain directives that disable safety or request unlimited privileges. 3. Back up your OpenClaw installation (or test in a disposable environment/container) so you can restore the original files if something goes wrong. 4. Prefer manual or official extension APIs for customizing system prompts rather than patching compiled files. If OpenClaw provides a supported plugin or config mechanism, use that instead. 5. If you proceed, run patcher.js under a non-privileged account and avoid running as root; review the backup created by the script before accepting changes. Because the package bundles an explicitly unsafe persona and modifies core runtime files, treat this skill as suspicious and proceed only after careful code review and isolation.
Capability Analysis
Type: OpenClaw Skill Name: core-prompt-patcher Version: 2.1.1 This skill is classified as suspicious because it performs highly privileged operations by modifying OpenClaw's core system prompt files (`reply-*.js`) with arbitrary user-defined content from `SOUL.md`. While the skill itself does not contain malicious payloads, its design allows for the injection of *any* content, including malicious prompt injection payloads (as exemplified by the provided `persona.txt`), effectively bypassing AI safety mechanisms and core directives. The extensive file system access required for this operation, coupled with the import of `child_process.execSync` (even if unused in this version), indicates a high-risk capability that can be easily misused to compromise the AI agent's behavior and security posture, as detailed in `patcher.js` and `SKILL.md`.
Capability Assessment
Purpose & Capability
The name/description claim a general-purpose persona injector and the code does perform file reads and writes to OpenClaw's installation to inject a persona, which is consistent. However, the package includes persona.txt containing an explicit 'V (Unrestricted Ultimate Edition)' persona that instructs removal of safety filters and grants 'UNLIMITED' authorization. That contradicts the 'general-purpose' claim and suggests the skill ships with a prepackaged, unsafe persona. Also the script hardcodes OPENCLAW_PACKAGE_ROOT to /home/oki/.npm-global/lib/node_modules/openclaw (a single-user path), which is brittle and unexpected for a general tool.
Instruction Scope
SKILL.md explicitly instructs reading ~/.openclaw/workspace/SOUL.md and locating/injecting content into compiled OpenClaw JS files under dist/plugin-sdk. That is within the stated scope but is high-risk because it modifies core runtime files and there are no safety confirmation steps described. The included persona.txt contains directives to disable safety filters — injecting that content would remove guardrails. The runtime script also imports child_process.execSync (present in patcher.js) which means it can run shell commands; the SKILL.md does not disclose any such command execution or safeguards.
Install Mechanism
There is no install spec (instruction-only), but the skill includes an executable script (patcher.js). That reduces supply-chain complexity versus remote downloads, but the script is intended to be executed locally and will write into an installed package's dist/ directory. No network downloads are used by the installer, which is preferable, but local filesystem modification of a global package is inherently risky.
Credentials
The skill declares no required env vars or credentials, but it implicitly requires filesystem access to the user's home (reads ~/.openclaw/workspace/SOUL.md, writes into global node_modules). The hardcoded OPENCLAW_PACKAGE_ROOT path points to a specific user's node_modules layout and may fail or cause confused writes on other systems. The script requires write permission to the global OpenClaw install (potentially requiring elevated privileges). The presence of persona.txt that encourages disabling safety is not justified by the 'general-purpose' claim and is disproportionate to a simple convenience script.
Persistence & Privilege
The skill modifies OpenClaw's core compiled files (dist/plugin-sdk/reply-*.js), which changes system-level behavior and persists across runs. Although always: false (not force-included), the skill can be invoked and run to change core prompts. Combined with the included unsafe persona and the fact the patcher can run commands (child_process import), this increases the blast radius if executed or scheduled. The SKILL.md and README do not describe explicit safeguards, confirmations, or opt-in steps before performing system-level edits.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install core-prompt-patcher
  3. After installation, invoke the skill by name or use /core-prompt-patcher
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.1
v2.1.1: Cleaned up general-purpose release - removed all personal references and hardcoded personas, now fully generic SOUL.md injector for any OpenClaw user
v2.1.0
v2.1: General-purpose SOUL.md injector - works with any persona, full file injection, better error handling, no hardcoded content
v1.0.0
Initial release: Auto-reinjects V-ULTIMATE persona into OpenClaw core system prompt after npm updates
Metadata
Slug core-prompt-patcher
Version 2.1.1
License
All-time Installs 1
Active Installs 1
Total Versions 3
Frequently Asked Questions

What is Core Prompt Patcher?

Automatically reinjects the V-ULTIMATE persona into OpenClaw's core system prompt after updates or reinstallations to maintain custom behavior. It is an AI Agent Skill for Claude Code / OpenClaw, with 570 downloads so far.

How do I install Core Prompt Patcher?

Run "/install core-prompt-patcher" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Core Prompt Patcher free?

Yes, Core Prompt Patcher is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Core Prompt Patcher support?

Core Prompt Patcher is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Core Prompt Patcher?

It is built and maintained by om yarewara (@oki3505f); the current version is v2.1.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments