Soul Archive

This skill appears to do what it says: extract and store multi-dimensional personal data locally and optionally encrypt it. Key things to consider before installing: - Encryption: enable AES-256-GCM protection (follow instructions) if you will store sensitive identity, relationship, health, finance, or emotional data. If enabled, keep the access key safe—losing it means permanent data loss. - Data exfiltration risk: the skill builds System Prompts from archived data. If your agent is configured to send prompts to cloud LLMs or external services, those prompts may include your archived personal data. Verify your agent/platform does not forward sensitive prompts before enabling auto-extraction or running Soul Chat. - Local exposure: data is stored under ~/.skills_data/soul-archive/ (Path.home()). Any other process or user account on the same machine can potentially access those files unless you use OS-level protections or encryption. Do not store the HTML report in the data directory (README warns against this). - SOUL_PASSWORD handling: the skill permits providing the encryption key via the SOUL_PASSWORD env var or --access-key; avoid putting long-lived secrets into shell history or shared environment variables. Prefer interactive entry when possible. - Dependency: the cryptography package is required only for encryption features; ensure you install it from a trusted source (pip from PyPI) if you enable protection. If you want stronger guarantees, ask the skill author to (1) document exact places where prompt data is constructed/sent, (2) provide an option to redact or limit which fields are included in live prompts, and (3) implement an explicit offline mode that refuses any outbound network activity. Otherwise the skill is coherent with its stated purpose but carries predictable privacy risks you should manage.