OpenSoul - An immutable, private soul for agent Self-reflection, self-improvement and on-chain economic activities.
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: opensoul
Version: 1.0.0
The OpenSoul skill bundle is classified as benign. All observed capabilities, including access to environment variables (BSV_PRIV_WIF, PGP_PASSPHRASE), file system operations (reading PGP keys, writing local backup logs), network interactions with `api.whatsonchain.com` for blockchain operations, and shell command execution for setup/diagnostics, are directly aligned with its stated purpose of providing blockchain-based persistent memory and audit logging for AI agents. The documentation (SKILL.md, PREREQUISITES.md, README.md) consistently provides strong security advice for handling sensitive information, and there is no evidence of intentional malicious behavior, unauthorized data exfiltration, or prompt injection against the AI agent to perform actions outside its legitimate function.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private prompts, user data, document details, or credentials captured in logs could become permanent public records or be reused across future sessions.
The artifacts acknowledge that public blockchain logs can contain sensitive data, but encryption is optional/setup-dependent and no enforced redaction, approval, or deletion controls are shown.
While blockchain is public, your logs may contain sensitive information:
- API keys or credentials in error messages
- User data or PII
Log only minimal non-sensitive metadata, enable encryption before use, add redaction and user approval gates, and document that on-chain data cannot be deleted.
A user may end up running or importing unreviewed external code while giving it wallet and encryption keys.
The core AuditLogger module referenced by the examples/templates is not present in the provided manifest, so the code that handles wallet keys and blockchain publication is outside the reviewed artifact set.
from Scripts.AuditLogger import AuditLogger
Include the core Scripts files in the package, pin external repository commits and dependencies, avoid running unreviewed install scripts, and inspect the logger implementation before providing secrets.
The agent or underlying logger could spend funds from the supplied BSV wallet for transactions and decrypt protected audit history.
The skill expects a BSV wallet private key plus PGP private key/passphrase, but the registry metadata declares no required credentials or environment variables.
BSV_PRIVATE_KEY = os.getenv("BSV_PRIV_WIF") ... PGP_PRIVATE_KEY_PATH = Path("keys/agent_privkey.asc") ... PGP_PASSPHRASE = os.getenv("PGP_PASSPHRASE", "")
Use a dedicated low-balance or testnet wallet, never reuse a personal wallet key, protect PGP private keys, and update metadata to declare these credential requirements clearly.
Routine agent activity can create irreversible transactions and small recurring fees.
Flushing logs is central to the stated purpose, but it writes blockchain transactions and may spend wallet funds; the shown budget logic is mostly advisory rather than an enforced approval gate.
tx_id = await self.logger.flush()
Require explicit confirmation or hard budget enforcement for mainnet writes, especially before enabling automatic flushes.
If the wrong collaborator keys are used, shared findings or logs may be readable by unintended agents.
The multi-agent example intentionally encrypts logs for multiple collaborators; this is purpose-aligned but makes recipient key identity and access boundaries important.
"multi_public_keys": public_keys, "private_key": private_key, "passphrase": passphrase
Verify collaborator public keys out of band and keep separate keys for different trust groups.
