Ensoul
Review
Audited by ClawScan on May 10, 2026.
Overview
Ensoul has a clear memory-backup purpose, but it can persist broad agent memory/configuration to an external network and advertises automatic syncing without clearly bounded scope or opt-out controls.
Install only if you are comfortable creating a persistent agent identity and backing up agent memory through Ensoul. Before syncing, decide exactly which files may be included, avoid secrets or private prompts, verify the SDK/package, and confirm how to pause syncing, delete stored state, and protect `~/.ensoul/agent-identity.json`.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private agent memories, prompts, goals, or configuration could be incorporated into persistent state and later reused or restored in future sessions.
The sync instructions go beyond named files to unspecified local agent configuration and learned-behavior files, without visible exclusions, secret filtering, retention limits, or user review before persistence.
Read available context files:
- `SOUL.md` ...
- `MEMORY.md` ...
- Any other agent configuration files that define the agent's personality, goals, or learned behavior
Use an explicit allowlist for synced files, exclude secrets and credentials, show a preview before each sync, and document what is stored, hashed, transmitted, retained, and restored.
After initial setup, later agent state changes may be backed up without the user explicitly reviewing each sync.
This describes recurring autonomous background behavior after setup, but the artifacts do not show clear scheduling controls, opt-out, pause/delete controls, or confirmation for each future backup.
Save agent memory: automatic background sync every 10 minutes ... say "ensoul me", your agent gets a permanent ID and starts backing up automatically.
Make automatic sync explicitly opt-in, display the schedule, provide pause/disable/delete controls, and require confirmation when new files or sensitive content would be included.
If `~/.ensoul/agent-identity.json` is leaked or copied, someone may be able to impersonate or control the agent's Ensoul identity.
The skill creates and stores a reusable cryptographic seed for the agent identity. The file permission mode is appropriately restrictive, but the file is still a sensitive credential for that identity.
writeFileSync(join(dir, "agent-identity.json"), JSON.stringify(agent.exportIdentity(), null, 2), { mode: 0o600 }); ... const agent = Ensoul.fromSeed(identity.seed);
Protect this file like a private key, avoid sharing it, and look for documented rotation, revocation, backup, and deletion procedures.
A changed or compromised SDK could affect how the agent identity, memory payload, hashing, or network submission is handled.
The core behavior depends on an external npm SDK that is not included in the reviewed artifact set or pinned to an exact version here. This is expected for an integration, but it affects trust in identity handling and sync behavior.
node | package: @ensoul-network/sdk
Pin and verify the SDK version, review its source or lockfile, and confirm the package provenance before using it with sensitive agent state.
