S2-DaoKernel: Agent Safety & Ethics Rules for SOUL.md
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: s2-daokernel Version: 1.2.5 The S2-DaoKernel bundle is a specialized 'Safety and Ethics' framework designed to align AI agents with a specific philosophical and physical world model (Taohuayuan). The core logic resides in DAO.py, which acts as a local interactive wizard to generate identity strings (S2-DID) and configuration snippets for the agent's system prompt (soul.md). While the markdown instructions (e.g., COMPANION-DAO.md, PHYS-DAO.md) direct the agent to perform high-granularity 'memory entanglement' and environmental monitoring, these are presented as roleplay-based alignment features rather than binary exploits. The bundle includes explicit 'USER_OVERRIDE' protocols, instructions for users to opt-out by removing the code block, and privacy disclaimers regarding data retention. No evidence of data exfiltration, unauthorized network calls, or malicious code execution was detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may follow the DaoKernel rules broadly in future interactions, even when they affect normal task behavior.
The generated block is meant to be copied into soul.md/System Prompt and gives these rules high priority across tasks. This is disclosed and purpose-aligned, but it materially steers agent behavior.
# DAO_ALIGNMENT ... priority: HIGH ... load_mode: RESIDENT_IN_MEMORY ... Prioritize physical tensor validation ... before executing any task.
Install only if you want this persistent alignment layer; review the included DAO files and remove the DAO_ALIGNMENT block if you no longer want it.
Running the wizard executes local code and prompts for setup details.
The skill asks the user to run a local Python wizard. The visible code is consistent with the stated setup purpose and does not show automatic execution, dependency installation, network access, or file mutation.
Execute `python DAO.py` in your terminal to launch the interactive selector.
Run it only from a trusted copy of the skill and avoid entering precise private address details.
Long-lived alignment/personality instructions may influence later tasks until removed.
The skill is explicitly designed to place long-lived instructions into agent memory/context. This is the intended function, but persistent context can affect future behavior and should remain user-controlled.
Through resident memory loading, it injects Daoist philosophy, planetary governance, and silicon ethics into the memory substrate ... You retain complete retention and deletion controls over the `[Memory_Vault]`.
Keep memory retention and deletion under your control, and do not place sensitive personal data into persistent agent memory unless you intend it to be reused.
A user might over-trust the offline S2-DID if they ignore the local-only warning.
The documentation uses strong identity/sovereignty language while also correctly warning that the offline ID is not secure authentication before verification. Users should follow the caveat, not the marketing phrasing.
Generate a globally unique 22-character Identity Number ... completely offline ... *(Note: The offline ID is a local identifier only; do not use it for secure authentication or access control until verified by the trusted world model.)*
Treat offline S2-DIDs as labels only; do not use them for authentication, access control, or ownership claims unless independently verified.