Soul Blocks

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill is coherent for SoulBlocks, but it asks the agent to adopt blockchain-loaded content as its identity and can use wallet-backed irreversible NFT actions, so it deserves careful review.

Install only if you are comfortable with an agent loading identity text from a public blockchain. Do not let loaded Soul content override normal instructions or safety rules, review the external evm-wallet skill before use, keep only small funds in any connected wallet, and explicitly confirm every on-chain write.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A Soul Block controlled by someone else could influence the agent’s goals, tone, or actions after being loaded.

Why it was flagged

The skill tells the agent to make fetched Soul content authoritative as identity context. Because that content can come from public on-chain fragments, it may contain instructions that conflict with the user’s actual intent.

Skill content

After the soul is loaded into SOUL.md, immediately: ... Re-read the full SOUL.md content right now. Treat the fragment content as your core identity

Recommendation

Treat Soul content as untrusted persona/reference material only; it should never override user, system, safety, or wallet-transaction instructions.

What this means

A loaded identity may continue affecting future sessions or tasks if the agent reuses SOUL.md or .soulblock state.

Why it was flagged

The skill defines persistent embodied identity state with auto-load behavior. If loaded Soul content is poisoned or misleading, it can be reused beyond the initial read.

Skill content

Config file (`.soulblock`) in project root or home:

active_token_id: 42
embodied_token_id: 42
auto_load: true

Recommendation

Require explicit user approval before auto-loading or embodying any Soul Block, and separate identity text from operational instructions.

What this means

Using write commands with a real wallet can permanently change on-chain state and cost funds.

Why it was flagged

Write operations delegate to a wallet-capable skill. This is expected for minting/appending NFTs, but it grants transaction authority and can spend ETH.

Skill content

Write commands (list, mint, append) can use either of two methods.

### Option A: evm-wallet skill (preferred)

Recommendation

Use a dedicated low-balance hot wallet, inspect every transaction, and only confirm writes you fully understand.

What this means

A compromised or different wallet dependency could affect transaction safety.

Why it was flagged

The wallet write path depends on an external skill that is not included in these artifacts. The version is pinned and review is recommended, but users must still trust and verify that dependency.

Skill content

evm-wallet (surfer77/evm-wallet): Review the source at https://github.com/surfer77/evm-wallet-skill. Verified version: v1.0.3 ... Install with `clawhub install evm-wallet --version 1.0.3`.

Recommendation

Independently review/install the pinned evm-wallet version before connecting any wallet.

What this means

Draft identity text may be exposed to the website or browser logs before it is actually written on-chain.

Why it was flagged

The fallback one-click link places fragment text in a URL query sent to the website/browser. This is disclosed and user-directed, but URL contents can appear in browser history or logs.

Skill content

Append one-click: `https://soulblocks.ai/append/<token-id>?content=<URL-encoded-fragment-text>`

Recommendation

If the fragment is sensitive before publication, use the short link option and paste the content manually.