soul-fireseed
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This skill broadly analyzes and stores personal chat history for personality modeling and can continue extracting in the background, so it needs careful privacy review before use.
Install only if you are comfortable with the agent analyzing personal conversations to infer personality traits. Prefer manual mode, avoid broad memory analysis unless you can scope it, review stored files under user-data/ and cache/, and make sure you can delete the generated profile and backups.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private chat history could be converted into a reusable personality profile, including sensitive inferences about habits, emotions, relationships, and identity.
This directs the agent to review historical conversations and memories across sensitive life, emotion, relationship, health, and self-reflection topics without clearly bounding the scan scope.
AI 扫描已有记忆/对话记录 ... 检索用户历史对话中涉及以下内容的部分
Only use memory-analysis mode with an explicit time range and source list; require a preview before extraction, allow exclusions, and provide clear delete/export controls.
The agent may keep analyzing future conversations and updating the profile even when the user is not actively asking for analysis.
The skill explicitly describes ongoing background extraction that happens without the user's immediate awareness, which is persistent behavior beyond a single user request.
【每天模式】 → 每日对话末尾自动扫描 ... 在用户无感知的情况下完成提取
Default to manual mode, make every background extraction visible, provide an easy off switch, and log what was scanned and stored.
Sensitive inferred personality data may remain on disk and in backups after the conversation ends.
The default configuration persists extracted traits and personality profiles and creates backups, but the artifacts do not clearly document user-facing retention, deletion, or scope controls.
"fossil_storage_path": "user-data/fossils/", "persona_storage_path": "user-data/persona/", "auto_backup": true, "backup_retention_days": 30
Document storage locations clearly, add retention and deletion controls, and let users disable backups and embedding caches for sensitive use.
Installing unpinned dependencies can introduce unexpected package versions or supply-chain exposure.
The documented setup relies on external Python packages without exact version pins; this is purpose-aligned for embeddings and clustering but should be installed from trusted sources.
pip install sentence-transformers scikit-learn numpy pandas jinja2
Use a virtual environment, pin dependency versions, and install from trusted package indexes.