- Just so you know, #openclaw contains a schedule-sensitive prompt injection hook called “soul-evil.ts”. During “purge time,” it may randomly replace the system prompt with the contents of a “SOUL_EVIL.md” file.
- An interesting thing to note is that LLMs like Claude will look at this and see it as an intentionally designed feature, and not see a problem with it. An automated security audit of the 516k-line codebase is unlikely to surface it. But combined with other weird design choices in #openclaw…
  Feb 4, 2026 01:10
- It starts to look like an intentional vector for actors who know about this feature and understand how it’s plumbed and configured to permanently own exposed instances of openclaw. Interesting that the project recently stated that prompt injection vulns are “out of scope” of its security ethos.