Higgsfield Soul ID
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s face-model training purpose is clear, but it asks the agent to run an unpinned remote installer and upload sensitive face photos to Higgsfield.
Before using this skill, install the Higgsfield CLI yourself from a trusted source if possible, confirm the account and paid-plan impact, and only upload face photos you are comfortable storing and using with Higgsfield.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A remote installer could run arbitrary setup code on the user’s machine before the skill can be used.
The skill instructs runtime installation by executing a remote script from GitHub's main branch without pinning a version or checksum, creating a supply-chain risk if the script changes or is compromised.
curl -fsSL https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh | sh
Install the Higgsfield CLI manually from trusted Higgsfield documentation, or require explicit user approval and a pinned version/checksum before running the installer.
Training may use the user’s Higgsfield account, plan entitlements, quotas, or billing-related access.
The skill uses an authenticated Higgsfield account and may require a paid plan; this is expected for the integration but gives the CLI access to the user’s account context.
ask the user to run `higgsfield auth login` (interactive) ... Soul training requires a paid plan (Basic+)
Confirm the intended Higgsfield account is logged in and understand any plan, quota, or billing impact before creating a Soul.
Personal face photos will be uploaded to Higgsfield and used to train an identity-faithful model.
The workflow sends user-selected face photos from local paths to the Higgsfield service for training; this is core to the skill, but the data is sensitive and crosses a provider boundary.
Get photos. 5–20 face photos ... Local paths or already-uploaded IDs both work ... CLI auto-uploads paths.
Upload only photos you are comfortable sending to Higgsfield, ensure you have consent for any person depicted, and review Higgsfield’s privacy and retention terms.
The resulting Soul reference may be reused for future image or video generations in the Higgsfield account.
The skill creates a persistent reusable identity model/reference, which is expected for Soul generation but is not a one-time transient upload.
Train a face-faithful identity model. Reusable across all Soul-powered generations.
Understand how to manage or delete trained Souls in Higgsfield before uploading sensitive identity photos.