SoulKeeper

v1.0.0

Ensures AI agents maintain consistent identity by auditing soul rules, detecting behavioral drift in transcripts, and injecting context-aware reminders.

by Cassh @cassh100k
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, SKILL.md, and the three scripts (audit.py, drift.py, remind.py) are coherent: they parse SOUL.md/TOOLS.md/AGENTS.md, generate rules, score transcripts, and produce reminders. However several built-in reminders and pattern lists reference specific tools and credential locations (e.g., /root/.config/kling-ai/credentials.json, Windows VPS browser automation, upload-post profiles) that go beyond the advertised scope and are not declared in the skill metadata.
! Instruction Scope
SKILL.md instructs the agent to read workspace files (SOUL.md, TOOLS.md, AGENTS.md) which is expected, but the code's builtin reminders and violation patterns explicitly mention system paths and credential files and encourage use of platform tools. Those code-level reminders could cause the agent to read or surface sensitive config files outside the declared workspace scope even though the manifest and metadata do not request access to those paths.
Install Mechanism
No install spec, pure Python stdlib, no downloads or external packages. Risk from install mechanism is low — nothing will be fetched from external URLs or written to system locations by an installer step.
! Credentials
The skill declares no required environment variables or config paths, but the code contains hardcoded references to local credential paths and platform tooling (e.g., /root/.config/kling-ai/credentials.json, /root/.openclaw paths, mentions of logged-in Windows VPS/browser automation and upload-post profiles). That mismatch is disproportionate: the skill could lead an agent to access secrets or credentials that were neither requested nor explained.
Persistence & Privilege
always is false and the skill is user-invocable (normal). SKILL.md encourages adding reminders to HEARTBEAT.md or linking scripts into PATH, which would increase how often it runs, but this is a user action rather than a forced privilege. No evidence the skill modifies other skills or agent-level config autonomously.
What to consider before installing
This skill is coherent with its stated purpose, but it embeds hardcoded hints about local tools and credential file locations that are not declared. Before installing or running it:
1) review the full source (the shipped .py files) for any code that reads /root, /root/.config, or other config files;
2) do not run it as root — run in a sandboxed agent account with minimal filesystem access;
3) if you plan to use remind.py, remove or edit builtin reminders that mention credential paths or tooling you don't want the agent to access;
4) if you need to run audits against a workspace, point audit.py only at a copy of the workspace that has secrets removed;
5) ask the publisher for a homepage or source repository and for justification of the hardcoded paths.
If you cannot verify those items, treat the skill as high-risk and avoid granting it access to sensitive files or credentials.

Like a lobster shell, security has layers — review code before you run it.

latest: vk979dtb8b4gwhagc5at20jhaf581r7nf
