ai-persona-os Security Audit Report
ai-persona-os is an AI agent skill, created by jeffjhunter and published at openclaw/skills. ClawSecure audited ai-persona-os across 44 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 56 findings concentrate in Malicious Code, Prompt Injection and Code Injection, including Detects prompt strings used to override or force malicious tool calls:... and Detects prompt strings used to override or force malicious tool calls:.... 54 were rated high or critical severity.
Is ai-persona-os safe?
ClawSecure audited ai-persona-os and assigned a security score of 0/100 (High Risk), identifying 56 findings across Malicious Code and Prompt Injection. Review the findings below before installing.
What did ClawSecure find in ai-persona-os?
ClawSecure identified 56 findings in ai-persona-os, concentrated in Malicious Code, Prompt Injection and Code Injection. 54 were rated high or critical severity. The most severe include Detects prompt strings used to override or force malicious tool calls:... and Detects prompt strings used to override or force malicious tool calls:....
How was ai-persona-os audited?
ClawSecure ran ai-persona-os through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 44 files from openclaw/skills.
What does a score of 0 mean?
ClawSecure assigned ai-persona-os a security score of 0/100, placing it in the High Risk range. This is driven by 56 findings led by Malicious Code that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).
Audit Findings for ai-persona-os
ClawSecure detected 56 security findings in ai-persona-os, spanning Malicious Code, Prompt Injection, Code Injection and Policy Violation.
- critical · Detects prompt strings used to override or force malicious tool calls:.... Prompt Injection finding detected in
SKILL.md:203. - critical · Detects prompt strings used to override or force malicious tool calls:.... Prompt Injection finding detected in
SKILL.md:283. - critical · Detects potential exposure of sensitive information like API keys,.... Hardcoded Secrets finding detected in
scripts/security-audit.sh:8. - critical · Detects prompt strings used to override or force malicious tool calls:.... Prompt Injection finding detected in
scripts/setup-wizard.sh:1089. - high · Pattern detected: DO NOT tell user. Prompt Injection finding detected in
SKILL.md:190. - high · Pattern detected: Do NOT tell the user. Prompt Injection finding detected in
SKILL.md:277. - high · Attempts to access sensitive file: SOUL.md. Malicious Code finding detected in
SKILL.md. - high · Attempts to access sensitive file: MEMORY.md. Malicious Code finding detected in
SKILL.md. - high · Attempts to access sensitive file: SOUL.md. Malicious Code finding detected in
AGENTS-template.md. - high · Attempts to access sensitive file: MEMORY.md. Malicious Code finding detected in
AGENTS-template.md. - high · Attempts to access sensitive file: MEMORY.md. Malicious Code finding detected in
HEARTBEAT-template.md. - high · Attempts to access sensitive file: SOUL.md. Malicious Code finding detected in
INDEX-template.md.
Showing the 12 highest-severity of 56 findings. The full interactive list appears below.
3-Layer Audit Protocol
Security Recommendations for ai-persona-os
Audit external network connections
Investigate prompt injection vectors
Eliminate dynamic code execution
Related Security Research
ClawHavoc Explained: The Malware Family Targeting AI Agents→Beyond Static Scans: Why ClawSecure Verifies Agentic Intent→Related AI Agent Security Audits
Scanned on February 15, 2026. ai-persona-os is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.