← 返回 Skills 市场
juan-xin-cai

Soul Pack

作者 juan-xin-cai · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
768
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install soul-pack
功能描述
Export, import, and list SOUL packages for OpenClaw agents to manage reusable persona bundles and agent workspaces efficiently.
安全使用建议
The skill appears to do what it says. Before installing/using: 1) Confirm you have python3 and the openclaw CLI installed (the metadata currently doesn't list these but the scripts call them). 2) Review any soul package contents before importing (do not include API keys, tokens, or arbitrary executables inside a package). 3) Importing copies SOUL.md/preview/manifest into the target workspace and, unless blocked with --force, will refuse to overwrite an existing SOUL.md — use caution with --force. 4) 'openclaw agents add' may contact a remote service and use your existing OpenClaw credentials/config; ensure you trust that service and run imports in a test workspace first. If you want stronger assurance, ask the author to update the skill metadata to declare required binaries and to clarify network behavior of the openclaw CLI.
功能分析
Type: OpenClaw Skill Name: soul-pack Version: 0.1.0 The skill bundle is suspicious due to potential shell injection vulnerabilities in `scripts/export-soul.sh`, `scripts/import-soul.sh`, and `scripts/list-souls.sh`. While script variables are quoted, the scripts do not sanitize user-provided arguments (e.g., `--agent`, `--workspace`, `--dir`), making them vulnerable if the OpenClaw agent passes unsanitized input. Furthermore, `scripts/import-soul.sh` uses `tar -xzf` to extract packages, which is susceptible to path traversal attacks from malicious archives, potentially allowing arbitrary file writes despite the `--strip-components=1` flag. These vulnerabilities could lead to arbitrary command execution or file manipulation.
能力评估
Purpose & Capability
The skill name/description describe exporting, importing, and listing SOUL packages and the included scripts implement exactly that. However the registry metadata claims no required binaries while the scripts and README require python3 and the openclaw CLI; that mismatch should be fixed (the binaries are reasonable for the stated purpose).
Instruction Scope
SKILL.md gives explicit shell invocation examples and the bundled scripts operate only on local filesystem artifacts (SOUL.md, preview.md, manifest.json) and call the local openclaw CLI. The instructions do not attempt to read unrelated files or environment variables, nor do they transmit extracted package contents to unexpected external endpoints. Examples use user-specific absolute paths but that is only illustrative.
Install Mechanism
This is an instruction-only skill with bundled scripts and no install spec or remote downloads. Nothing in the manifest writes code to disk from an external URL; risk from install mechanism is low.
Credentials
The skill declares no required environment variables or credentials, which aligns with local-only operation. Note: the scripts invoke the openclaw CLI which may itself use stored credentials/config in the user's environment to register agents or contact a remote service — this is expected for adding agents but is not declared in the metadata. No environment variables are read by the scripts directly.
Persistence & Privilege
The skill does not request permanent inclusion (always:false). The only persistent effect is that import-soul.sh may copy files into a workspace and call 'openclaw agents add' to register an agent — expected behavior for importing a package. The skill does not modify other skills or system-wide agent settings beyond creating/adding its own agent entry via the CLI.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install soul-pack
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /soul-pack 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release: export/import soul package and auto-create agent
元数据
Slug soul-pack
版本 0.1.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Soul Pack 是什么?

Export, import, and list SOUL packages for OpenClaw agents to manage reusable persona bundles and agent workspaces efficiently. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 768 次。

如何安装 Soul Pack?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install soul-pack」即可一键安装,无需额外配置。

Soul Pack 是免费的吗?

是的,Soul Pack 完全免费(开源免费),可自由下载、安装和使用。

Soul Pack 支持哪些平台?

Soul Pack 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Soul Pack?

由 juan-xin-cai(@juan-xin-cai)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论