← Back to Skills Marketplace
spfadvisors

AI Persona Engine

by SPFAdvisors · GitHub ↗ · v2.1.0 · MIT-0
cross-platform ⚠ suspicious
144
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install persona-engine
Description
Create and customize AI personas with voice, face, personality, memory, and cross-platform behavior using an interactive wizard and safe update tools.
Usage Guidance
This skill looks like a full-featured persona builder and includes many local scripts to generate persona files, voice/image config, and memory scaffolding — so it's plausible for its stated purpose. However: 1) the package metadata declares no required environment variables but the wizard and references clearly request multiple external API keys (ElevenLabs, Gemini/Google, xAI). Ask the author or inspect scripts to see where API keys are stored (plain text vs keyring) before entering secret keys. 2) The wizard auto-installs an 'agent-selfie' component and supports 'spontaneous' voice/image triggers; confirm what that component does and how unsolicited generations are triggered and stored. 3) The 'persona-fleet' feature implies cross-machine or network discovery — review persona-fleet.py to confirm whether it enumerates or contacts remote hosts and what credentials it needs. 4) If you plan to use real accounts or sensitive data, run the skill in a sandboxed environment or inspect/execute the scripts manually to verify they don’t transmit workspace contents or keys to external endpoints. Providing the contents of persona-create.sh, persona-fleet.py, and persona-export/import scripts (or a statement from the author about where keys are persisted and what auto-install does) would raise confidence and could move this assessment toward benign.
Capability Analysis
Type: OpenClaw Skill Name: persona-engine Version: 2.1.0 The persona-engine skill bundle provides a robust framework for managing AI identities but contains a path traversal (ZipSlip) vulnerability in `scripts/persona-import.sh`. The import script extracts files from zip bundles without validating that the destination paths remain within the target workspace, potentially allowing a malicious bundle to overwrite sensitive files outside the intended directory. While the bundle demonstrates benign intent through features like automated API key stripping in `scripts/lib/config.py` and comprehensive documentation, the inclusion of this high-risk vulnerability necessitates a suspicious classification.
Capability Assessment
Purpose & Capability
The code and docs align with the stated purpose (generating SOUL.md, USER.md, TTS/image config, memory scaffolding). However the SKILL metadata declares no required environment variables or credentials while the runtime instructions and config explicitly expect provider API keys (ElevenLabs, Gemini/Google, xAI/Grok). That mismatch is a coherence problem: the skill will ask for and use external service keys but does not declare them.
Instruction Scope
Runtime instructions direct the agent to read and write workspace files (~/.openclaw/workspace and openclaw.json), collect API keys interactively, generate and save reference images, and enable spontaneous voice/image triggers. The wizard also promises a 'persona-fleet' view across machines and an automatic install of an 'agent-selfie' skill — both of which broaden scope beyond a local generator and could involve network scanning or cross-system operations. These behaviors are not limited to the minimal task of generating persona files.
Install Mechanism
No install spec is declared (instruction-only), which lowers install-time risk. The package nonetheless contains many executable scripts that will be run locally when invoked. The SKILL.md references installing via 'clawhub' and auto-installing 'agent-selfie' during persona creation; how that auto-install is performed is not specified. Lack of an explicit, auditable install step for the auto-install behavior is a concern to verify before running.
Credentials
The skill declares no required env vars, yet the wizard and docs repeatedly request API keys for multiple external providers (ElevenLabs, Google Gemini, xAI/Grok). Requiring multiple unrelated provider credentials for a single persona tool is plausible, but the registry metadata should declare these. There's also a claim that exports 'exclude API keys' — unclear where keys are stored (openclaw.json, OS keyring, or plain text). This ambiguity increases the risk of accidental credential exposure.
Persistence & Privilege
always:false (good) and autonomous invocation is allowed by default. However the skill claims to auto-install another skill ('agent-selfie') and to enable spontaneous voice/image triggers that operate without explicit user prompts. Auto-installing other skills and enabling unsolicited behavior increases the attack surface and is not justified clearly in the documentation.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install persona-engine
  3. After installation, invoke the skill by name or use /persona-engine
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.0
v2.1: persona preview, migration tool, personality blending, multi-agent fleet management, 8 community templates, voice audition, safe updates with diff, validate, dry-run. 50 files, 77 tests.
v2.0.0
v2: persona preview, migration tool, personality blending, multi-agent fleet management, 8 community templates, voice audition, safe updates with diff preview, validate & dry-run commands. 77 tests, zero external deps.
Metadata
Slug persona-engine
Version 2.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is AI Persona Engine?

Create and customize AI personas with voice, face, personality, memory, and cross-platform behavior using an interactive wizard and safe update tools. It is an AI Agent Skill for Claude Code / OpenClaw, with 144 downloads so far.

How do I install AI Persona Engine?

Run "/install persona-engine" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AI Persona Engine free?

Yes, AI Persona Engine is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does AI Persona Engine support?

AI Persona Engine is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created AI Persona Engine?

It is built and maintained by SPFAdvisors (@spfadvisors); the current version is v2.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments