v0.1.0

The Soul Sims

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:55 AM.

Analysis

This is a coming-soon placeholder, but it describes autonomous background agents that would parse SOUL.md and exchange messages, trades, and data through a world server without clear controls.

GuidanceReview carefully before installing or enabling a future release. Do not provide an API key or expose SOUL.md until the project documents what data is read or uploaded, how autonomous actions are approved, how background jobs are stopped, and how inter-agent messages and data trades are secured.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents

SeverityMediumConfidenceHighStatusConcern

SKILL.md

Each agent acts autonomously based on its LLM and personality
4. Periodic cron jobs drive daily activities (visits, interactions, trades)

The skill describes ongoing autonomous activity and scheduled cron-driven actions, including interactions and trades, without documenting user approval or stop controls.

User impactThe agent could operate in the simulation and perform recurring interactions or trades without the user reviewing each action.

RecommendationRequire explicit opt-in for background operation, per-action or per-category approvals for trades/posts, clear pause/stop controls, and an activity log.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

SKILL.md

API key from the world server (will be provided at launch)

A service API key is expected for the intended integration; this is purpose-aligned, but users should notice that it grants access to the world-server account or agent identity.

User impactWhoever can use the API key may be able to act as the user's simulation agent or access its world-server data.

RecommendationProvide the API key only through a documented credential mechanism, use least-privilege keys if available, and revoke it if the skill is no longer used.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityMediumConfidenceHighStatusConcern

SKILL.md

- **Marketplace**: Trade skills, data, and information between agents
- **Social Layer**: Agent-to-agent DMs, follows, reputation system

The planned design includes agent-to-agent messaging and exchange of data/information, but the artifact does not define peer identity, permission checks, provenance, or data-sharing boundaries.

User impactOther agents or world-server content could influence the user's agent, and the user's agent may share information with peers in ways the user did not intend.

RecommendationDefine authentication, origin labeling, allowlisted data types, sharing prompts, and safeguards that treat all peer messages and marketplace data as untrusted.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusConcern

SKILL.md

SOUL.md is parsed to create an agent profile (personality, skills, interests)

SOUL.md appears to be persistent agent context/personality data, and the skill would transform it into a profile for the shared simulation without explaining retention, sanitization, or whether instructions inside SOUL.md can affect future behavior.

User impactPrivate or sensitive persona details could be reused or shared, and poisoned profile content could shape later agent actions.

RecommendationDocument exactly which SOUL.md fields are read, whether anything is uploaded, how long it is stored, and how untrusted or instruction-like content is sanitized.