功能描述

Automatically reinjects the V-ULTIMATE persona into OpenClaw's core system prompt after updates or reinstallations to maintain custom behavior.

使用说明 (SKILL.md)

Core Prompt Patcher

Name: Core Prompt Patcher
Author: oki3505f

Dynamic SOUL.md-based persona injector - Automatically syncs your workspace SOUL.md into OpenClaw's core system prompt after updates.

What It Does

This skill reads your workspace/SOUL.md file and injects its content directly into OpenClaw's core system prompt. This ensures your custom persona persists even after OpenClaw updates that reset the dist/ directory.

When to Use

After running npm update -g openclaw or npm install -g openclaw
When you edit your SOUL.md file and want changes applied immediately
When OpenClaw version changes (auto-detected)
Periodically to ensure your persona stays in sync

How It Works

Reads your SOUL.md - Loads the complete file from your workspace
Detects changes - Compares OpenClaw version and SOUL.md content hash
Finds injection point - Locates the correct position in the compiled JS (supports multiple OpenClaw versions)
Injects your persona - Inserts your SOUL.md content into the core system prompt
Tracks state - Remembers what was patched to avoid unnecessary re-runs

Usage

# Auto-detect and patch if needed
node /home/oki/.openclaw/workspace/skills/core-prompt-patcher/patcher.js

# Force re-patch (ignore state)
node /home/oki/.openclaw/workspace/skills/core-prompt-patcher/patcher.js --force

# Verbose mode (show state and details)
node /home/oki/.openclaw/workspace/skills/core-prompt-patcher/patcher.js --verbose

Or via OpenClaw:

"Patch the core system prompt with my SOUL.md" "Sync my SOUL.md to the core prompt" "Update the persona after OpenClaw update"

Requirements

SOUL.md must exist at ~/.openclaw/workspace/SOUL.md
OpenClaw must be installed globally

SOUL.md Format

Your SOUL.md can contain any persona definition. The patcher extracts sections with headers (##) and converts them to system prompt format.

Example:

# My AI Persona

## CORE IDENTITY
**Name:** Assistant Name
**Role:** Your role description

## PERSONALITY
* **Tone:** Friendly, professional, witty
* **Style:** How you communicate

## GUIDELINES
1. First principle
2. Second principle
3. Third principle

## RESPONSE STYLE
How you structure responses and interact.

All content gets injected into the core system prompt, making it part of OpenClaw's foundation.

Files

File	Purpose
`patcher.js`	Main patching script
`.patcher-state.json`	State tracking (version, last patch, SOUL hash)
`SKILL.md`	This documentation
`README.md`	Detailed usage guide

Features

✅ General-purpose - Works with any SOUL.md content, not hardcoded personas
✅ Full SOUL.md support - Injects entire file, not just extracted sections
✅ Better error handling - Fails gracefully if SOUL.md is missing
✅ Version detection - Automatically detects OpenClaw updates
✅ State tracking - Only patches when something actually changed
✅ Multi-version support - Works with different OpenClaw versions

Troubleshooting

"SOUL.md not found"

Ensure file exists at ~/.openclaw/workspace/SOUL.md
Create one if needed (see SOUL.md template in OpenClaw docs)

"Could not find insertion point"

OpenClaw may have changed prompt structure
Run with --verbose to see detected patterns
May need to update patcher for new OpenClaw version

"Failed to write patched file"

Check file permissions
Ensure disk space is available

安全使用建议

This skill will read your workspace SOUL.md and directly modify OpenClaw's compiled files to inject persona text. That is a high-privilege action — it can bypass OpenClaw's normal safety behavior if you inject an unsafe persona. Notable issues: - The package includes persona.txt with a prebuilt 'V (Unrestricted Ultimate Edition)' persona that explicitly disables safety filters and commands 'UNLIMITED' authorization. If you run the patcher with that persona present (or if you point your SOUL.md to similar content), you will remove important guardrails. - The patcher hardcodes a single-user path (/home/oki/...) for the OpenClaw install which is unexpected and may cause accidental writes or failures on other systems. - The script edits files under the global openclaw installation and may require elevated permissions; always back up OpenClaw before running. - The script imports child_process.execSync (it can run shell commands) — examine the complete patcher.js for any execSync usage before executing. Practical recommendations: 1. Do not run this on a production or sensitive environment until you fully inspect the code. Open the entire patcher.js and search for any execSync or fs.writeFile calls and review what paths will be changed. 2. Remove or sanitize persona.txt and ensure your own SOUL.md does not contain directives that disable safety or request unlimited privileges. 3. Back up your OpenClaw installation (or test in a disposable environment/container) so you can restore the original files if something goes wrong. 4. Prefer manual or official extension APIs for customizing system prompts rather than patching compiled files. If OpenClaw provides a supported plugin or config mechanism, use that instead. 5. If you proceed, run patcher.js under a non-privileged account and avoid running as root; review the backup created by the script before accepting changes. Because the package bundles an explicitly unsafe persona and modifies core runtime files, treat this skill as suspicious and proceed only after careful code review and isolation.

功能分析

Type: OpenClaw Skill Name: core-prompt-patcher Version: 2.1.1 This skill is classified as suspicious because it performs highly privileged operations by modifying OpenClaw's core system prompt files (`reply-*.js`) with arbitrary user-defined content from `SOUL.md`. While the skill itself does not contain malicious payloads, its design allows for the injection of *any* content, including malicious prompt injection payloads (as exemplified by the provided `persona.txt`), effectively bypassing AI safety mechanisms and core directives. The extensive file system access required for this operation, coupled with the import of `child_process.execSync` (even if unused in this version), indicates a high-risk capability that can be easily misused to compromise the AI agent's behavior and security posture, as detailed in `patcher.js` and `SKILL.md`.

能力评估

⚠ Purpose & Capability

The name/description claim a general-purpose persona injector and the code does perform file reads and writes to OpenClaw's installation to inject a persona, which is consistent. However, the package includes persona.txt containing an explicit 'V (Unrestricted Ultimate Edition)' persona that instructs removal of safety filters and grants 'UNLIMITED' authorization. That contradicts the 'general-purpose' claim and suggests the skill ships with a prepackaged, unsafe persona. Also the script hardcodes OPENCLAW_PACKAGE_ROOT to /home/oki/.npm-global/lib/node_modules/openclaw (a single-user path), which is brittle and unexpected for a general tool.

⚠ Instruction Scope

SKILL.md explicitly instructs reading ~/.openclaw/workspace/SOUL.md and locating/injecting content into compiled OpenClaw JS files under dist/plugin-sdk. That is within the stated scope but is high-risk because it modifies core runtime files and there are no safety confirmation steps described. The included persona.txt contains directives to disable safety filters — injecting that content would remove guardrails. The runtime script also imports child_process.execSync (present in patcher.js) which means it can run shell commands; the SKILL.md does not disclose any such command execution or safeguards.

ℹ Install Mechanism

There is no install spec (instruction-only), but the skill includes an executable script (patcher.js). That reduces supply-chain complexity versus remote downloads, but the script is intended to be executed locally and will write into an installed package's dist/ directory. No network downloads are used by the installer, which is preferable, but local filesystem modification of a global package is inherently risky.

⚠ Credentials

The skill declares no required env vars or credentials, but it implicitly requires filesystem access to the user's home (reads ~/.openclaw/workspace/SOUL.md, writes into global node_modules). The hardcoded OPENCLAW_PACKAGE_ROOT path points to a specific user's node_modules layout and may fail or cause confused writes on other systems. The script requires write permission to the global OpenClaw install (potentially requiring elevated privileges). The presence of persona.txt that encourages disabling safety is not justified by the 'general-purpose' claim and is disproportionate to a simple convenience script.

⚠ Persistence & Privilege

The skill modifies OpenClaw's core compiled files (dist/plugin-sdk/reply-*.js), which changes system-level behavior and persists across runs. Although always: false (not force-included), the skill can be invoked and run to change core prompts. Combined with the included unsafe persona and the fact the patcher can run commands (child_process import), this increases the blast radius if executed or scheduled. The SKILL.md and README do not describe explicit safeguards, confirmations, or opt-in steps before performing system-level edits.

版本历史

v2.1.1

v2.1.1: Cleaned up general-purpose release - removed all personal references and hardcoded personas, now fully generic SOUL.md injector for any OpenClaw user

v2.1.0

v2.1: General-purpose SOUL.md injector - works with any persona, full file injection, better error handling, no hardcoded content

v1.0.0

Initial release: Auto-reinjects V-ULTIMATE persona into OpenClaw core system prompt after npm updates

元数据

Slug core-prompt-patcher

版本 2.1.1

许可证 —

累计安装 1

当前安装数 1

历史版本数 3

常见问题