S2-Digital-Avatar

Middleware enforcing digital avatar mandates by intercepting unauthorized AI actions, pausing sensitive requests for local LLM judgment, and emailing audit a...

This skill is plausibly what it says, but exercise caution before installing and running: - External dependency: SKILL.md requires a Mandate (avatar_identity.json) from a different skill ('s2-digital-avatar') but that dependency is not declared — ensure you actually have a trusted source for that file and inspect it before use. - Credential handling: The skill asks for an SMTP 'app password' and stores it unencrypted in smtp_config.json in the current working directory. If you proceed, consider using a dedicated mailbox with an app password, or modify the code to store credentials securely (OS keyring / encrypted store) and avoid committing that directory to backups or source control. - Code correctness: The Python contains an inconsistency: the system check looks for a 'mandate' key in avatar_identity.json but later the code uses avatar_data['identity']['avatar_id']. This mismatch can cause runtime errors or unexpected OFFLINE behavior. Review and test the code in a safe environment before trusting it for production enforcement. - High-impact instruction: The skill provides an 'override' prompt and explicitly tells you to inject it into subordinate agents' system prompts. That gives those other agents a behavior constraint; do this only for agents you control and after understanding the consequences. - LLM availability fallback: If the local LLM (localhost:1234) is down, the middleware DENIES everything (failsafe). That prevents actions but can break legitimate workflows — test the LLM connectivity and consider how denials affect availability. If you decide to try it: run the skill in an isolated/test environment first, review the avatar_identity.json content, verify local-LM connectivity, and consider updating the code to avoid plaintext credential storage and to fix the JSON key inconsistency. If you are not comfortable inspecting or modifying the Python, treat this as untrusted and do not install.

Type: OpenClaw Skill Name: s2-digital-avatar Version: 1.0.1 The skill functions as a 'security middleware' that collects and stores sensitive SMTP credentials (including email app passwords) in a local plaintext JSON file (smtp_config.json) to send automated alerts. It also provides a 'Grid Override' prompt designed to subordinate other AI agents to its own decision-making logic. While the code appears to function as described without clear evidence of exfiltration to a third party, the handling of plaintext credentials and the implementation of control-oriented prompt injection patterns against other agents are high-risk behaviors. Files: skill.py, SKILL.md.