Soulstamp
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: soulstamp Version: 1.0.2 The skill is classified as suspicious due to its inherent high-risk capabilities involving direct file system access and the ability to modify the AI agent's core identity and behavior. The `SKILL.md` explicitly instructs the agent to execute shell commands like `cp` for backup purposes and implies read/write/diff operations on the `SOUL.md` file. While these actions are plausibly aligned with the skill's stated purpose of 'soulstamping' the AI, they represent significant control over the agent's environment and self-definition, which could be leveraged for unintended consequences or misuse, even without explicit malicious instructions within the skill bundle itself.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The resulting persona could affect how the AI interprets later requests and boundaries.
The skill is explicitly designed to influence the agent's future behavior through identity/persona framing rather than ordinary instructions.
Instead of giving your AI rules to follow ... you forge a coherent history that makes those behaviors intrinsic. The AI doesn't follow instructions — it acts from identity.
Keep explicit boundaries in the final SOUL.md and ensure the persona never supersedes user, system, safety, or consent requirements.
Private details, mistaken assumptions, or unsafe instructions placed in SOUL.md could influence later sessions.
The template establishes SOUL.md as persistent context that future sessions may read and update, so its contents can carry forward behavioral assumptions.
Each session, I wake up fresh. These files are how I persist ... I read them. I update them. I become myself again through the act of remembering what I wrote.
Review SOUL.md after forging or reforging, avoid storing unnecessary sensitive information, and keep backups so unwanted changes can be reverted.
If permissions are recorded too broadly or ambiguously, the AI may later treat them as standing authority.
The skill asks users to define granted permissions as part of the AI relationship, including potentially ambiguous implied permissions.
What permissions have you granted (explicitly or implicitly)?
State permissions narrowly and explicitly, prefer ask-first language for external or sensitive actions, and avoid relying on implied consent.
A mistaken forge or restore could alter the AI's persistent identity file.
The skill includes local file operations around SOUL.md backup, restore, diff, and update; these are expected for the purpose but can change persistent agent state.
Always preserve the original before forging: cp SOUL.md SOUL.md.backup.$(date +%Y%m%d-%H%M%S)
Use the backup and diff workflow, and approve the final SOUL.md content before relying on it in future sessions.