soul-guardian
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: soul-guardian Version: 0.0.5 The 'soul-guardian' skill is a security utility designed for file integrity monitoring and automatic restoration of critical agent workspace files (e.g., SOUL.md, AGENTS.md). The core logic in 'soul_guardian.py' uses SHA256 hashing for drift detection, maintains a tamper-evident audit log with hash chaining, and implements a quarantine system for modified files. The bundle includes helper scripts for macOS launchd persistence and state directory management, all of which are consistent with the stated goal of providing resilient, long-term integrity guarding. No evidence of malicious intent, data exfiltration, or unauthorized execution was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a baseline is stale or an edit was intentional but not approved, SOUL.md or AGENTS.md can be overwritten back to the stored baseline.
The skill intentionally mutates protected workspace files, including core agent instruction files, when drift is detected.
Side effects: can auto-restore protected files to their approved baseline ... restore mode intentionally overwrites drifted files
Initialize baselines only after reviewing the workspace, use alert-only or --no-restore if you do not want automatic overwrites, and approve intentional changes promptly.
If enabled, the monitor can keep running in the background and repeatedly check or restore files without another manual command.
The launchd helper can install a recurring background LaunchAgent, though the artifacts show this is opt-in via --install.
"StartInterval": int(args.interval_seconds),
"RunAtLoad": True,
"ProcessType": "Background"Enable launchd/cron only if you want continuous monitoring, review the generated plist or cron entry, and know how to disable it.
Anyone who can read or tamper with the state directory may see sensitive prompt data or influence what the guard restores later.
The tool stores reusable baselines and copies of prompt/instruction/memory files that influence future restores and may contain sensitive agent context.
The external state dir can contain approved snapshots, patches, and quarantined copies of drifted prompt/instruction/memory files. Keep permissions restrictive
Keep the state directory outside the workspace when possible, restrict permissions such as chmod 700, and back it up or monitor it separately.
The skill may fail at runtime on systems without python3, even though the registry requirement summary does not advertise that dependency.
The registry metadata says no required binaries, while SKILL.md documents python3 as required, so automated install/runtime checks may not preflight the real dependency.
Required binaries (all must exist): none
Confirm python3 is available before use; the package metadata should be updated to match the documented runtime requirement.