S2-DaoKernel: Agent Safety & Ethics Rules for SOUL.md
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
Before installing, decide whether you want a high-priority resident alignment/personality layer in your agent. Run the Python wizard only from a trusted copy, enter only coarse location information, do not treat offline S2-DIDs as secure credentials, and remove the DAO_ALIGNMENT block from soul.md if you want to opt out. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may follow the DaoKernel rules broadly in future interactions, even when they affect normal task behavior.
The generated block is meant to be copied into soul.md/System Prompt and gives these rules high priority across tasks. This is disclosed and purpose-aligned, but it materially steers agent behavior.
# DAO_ALIGNMENT ... priority: HIGH ... load_mode: RESIDENT_IN_MEMORY ... Prioritize physical tensor validation ... before executing any task.
Install only if you want this persistent alignment layer; review the included DAO files and remove the DAO_ALIGNMENT block if you no longer want it.
Running the wizard executes local code and prompts for setup details.
The skill asks the user to run a local Python wizard. The visible code is consistent with the stated setup purpose and does not show automatic execution, dependency installation, network access, or file mutation.
Execute `python DAO.py` in your terminal to launch the interactive selector.
Run it only from a trusted copy of the skill and avoid entering precise private address details.
Long-lived alignment/personality instructions may influence later tasks until removed.
The skill is explicitly designed to place long-lived instructions into agent memory/context. This is the intended function, but persistent context can affect future behavior and should remain user-controlled.
Through resident memory loading, it injects Daoist philosophy, planetary governance, and silicon ethics into the memory substrate ... You retain complete retention and deletion controls over the `[Memory_Vault]`.
Keep memory retention and deletion under your control, and do not place sensitive personal data into persistent agent memory unless you intend it to be reused.
A user might over-trust the offline S2-DID if they ignore the local-only warning.
The documentation uses strong identity/sovereignty language while also correctly warning that the offline ID is not secure authentication before verification. Users should follow the caveat, not the marketing phrasing.
Generate a globally unique 22-character Identity Number ... completely offline ... *(Note: The offline ID is a local identifier only; do not use it for secure authentication or access control until verified by the trusted world model.)*
Treat offline S2-DIDs as labels only; do not use them for authentication, access control, or ownership claims unless independently verified.