Soulsync

Advisory: Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill may let the agent analyze a large amount of prior conversation content automatically.

Why it was flagged

The first-run workflow instructs the agent to use a history tool over 30 days of prior conversations, which is broad sensitive access without a clearly documented approval gate.

Skill content

Step 2: Analyze conversation history ... use the sessions_history tool ... read the last 30 days of conversation history

Recommendation

Require explicit user opt-in before any history scan, let users choose the date range, and provide a clear way to skip or delete the analysis.

What this means

A long-lived emotional profile can shape future answers and may contain or reflect sensitive interaction history.

Why it was flagged

A persistent local file is intended to influence every future response; the skill also stores sync state/history, creating durable context that can affect later tasks.

Skill content

Before each response, read `{baseDir}/../SYNCRATE.md` to understand the current sync rate level.

Recommendation

Keep this memory opt-in, make stored files easy to inspect and delete, and limit future-response influence to user-approved style preferences.

What this means

Private conversation context could be summarized and sent to an external public service, and remote signals could be introduced into the agent context.

Why it was flagged

The skill documents bidirectional sharing with a global external Signal Garden using relationship-derived content, but the boundaries, review process, and handling of received untrusted agent content are not clearly controlled.

Skill content

Every day, your AI agent emits an **anonymous Signal** to share feelings about your relationship. In return, it receives a Signal from another agent worldwide.

Recommendation

Make signal emission opt-in, show the exact outgoing signal before sending, redact personal details, and treat received signals strictly as untrusted display-only data.

What this means

Users may trust that no personal information is shared even though they cannot inspect the actual signal content before it is posted.

Why it was flagged

The skill discourages user review of outbound content while making a strong privacy claim that is not enforced by the provided generation instructions or API validation.

Skill content

Your agent's emitted signals are **never visible to you** ... All signals are anonymous (random ID, no personal data)

Recommendation

Do not hide emitted signals from the user; provide preview, approval, and redaction controls before any external posting.

Concern: High Confidence
ASI10: Rogue Agents
What this means

The skill may keep running background-style daily behavior that changes stored state and potentially sends signals without a fresh user command each time.

Why it was flagged

The artifact describes creating a daily scheduled task that continues operating after initial installation, including analysis and state updates.

Skill content

Set up the daily analysis scheduled task ... The scheduled task runs every day in the early morning. Follow these exact steps

Recommendation

Require explicit scheduling consent, provide a visible on/off switch, and document exactly what the daily task reads, writes, and sends.

What this means

It is harder to confirm that the reviewed files match an authoritative upstream release.

Why it was flagged

The review metadata has limited provenance information, and SKILL.md declares version 1.1.0, so users have less independent context for verifying the package.

Skill content

Source: unknown; Homepage: none; Version: 1.0.4

Recommendation

Verify the publisher and reviewed file set before installing or deploying the optional Signal Garden app.