soul-guardian
PassAudited by ClawScan on May 1, 2026.
Overview
Soul Guardian is a coherent local integrity-monitoring skill, but it can automatically overwrite selected agent files and optionally run on a schedule, so users should review baselines and state storage.
Install only if you want a local guard that can restore selected agent workspace files. Review the initial baselines, protect the state directory, and choose alert-only/no-restore modes if automatic overwrites are not acceptable. Review any cron or launchd setup before enabling continuous monitoring.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a baseline is stale or an edit was intentional but not approved, SOUL.md or AGENTS.md can be overwritten back to the stored baseline.
The skill intentionally mutates protected workspace files, including core agent instruction files, when drift is detected.
Side effects: can auto-restore protected files to their approved baseline ... restore mode intentionally overwrites drifted files
Initialize baselines only after reviewing the workspace, use alert-only or --no-restore if you do not want automatic overwrites, and approve intentional changes promptly.
If enabled, the monitor can keep running in the background and repeatedly check or restore files without another manual command.
The launchd helper can install a recurring background LaunchAgent, though the artifacts show this is opt-in via --install.
"StartInterval": int(args.interval_seconds),
"RunAtLoad": True,
"ProcessType": "Background"Enable launchd/cron only if you want continuous monitoring, review the generated plist or cron entry, and know how to disable it.
Anyone who can read or tamper with the state directory may see sensitive prompt data or influence what the guard restores later.
The tool stores reusable baselines and copies of prompt/instruction/memory files that influence future restores and may contain sensitive agent context.
The external state dir can contain approved snapshots, patches, and quarantined copies of drifted prompt/instruction/memory files. Keep permissions restrictive
Keep the state directory outside the workspace when possible, restrict permissions such as chmod 700, and back it up or monitor it separately.
The skill may fail at runtime on systems without python3, even though the registry requirement summary does not advertise that dependency.
The registry metadata says no required binaries, while SKILL.md documents python3 as required, so automated install/runtime checks may not preflight the real dependency.
Required binaries (all must exist): none
Confirm python3 is available before use; the package metadata should be updated to match the documented runtime requirement.