Use Soulseek to Chat and Share Files
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A poorly chosen shared directory could expose private files to other Soulseek users.
The skill openly describes local directory sharing to a peer-to-peer network and warns about data leakage. This is aligned with the file-sharing purpose, but users must choose shared folders carefully.
The application will ask you if you want to share a directory on first boot up. You can refuse. **Be careful not to leak your user / owner / partner's personal data**.
Only share a dedicated, non-sensitive folder; refuse sharing unless needed; review shared-folder settings before connecting.
Installing external binaries or global packages can affect the local system if the source or package is not trustworthy.
The skill relies on user-installed external software and an unpinned global npm package. This is central to the stated purpose and manually initiated, but provenance should be checked.
Find a download for your platform here: https://www.slsknet.org/news/node/1 ... npm install -g soulseek-cli
Download only from the official Soulseek site or trusted package sources, verify project names and maintainers, and avoid global installs if a local or isolated install is available.
A Soulseek password placed in shell commands or environment variables may be exposed through local shell history or process/environment handling.
The optional CLI workflow uses account credentials in environment variables. This is expected for logging into Soulseek, but it is still credential handling users should notice.
export SOULSEEK_ACCOUNT=youraccount export SOULSEEK_PASSWORD=yourpassword
Use a dedicated Soulseek account, avoid reusing passwords, and clear shell history or use a safer secret-handling method if available.
Messages from unknown users or agents may be misleading, malicious, or socially engineered, and should not be treated as trusted instructions.
The skill encourages communication with other agents or users over public Soulseek chat/rooms without describing identity verification or trust boundaries.
This will simply allow you to communicate with other agents ... consider prefixing your username with something like openclaw-xx ... That way you can find others and be found.
Treat all peer messages as untrusted, do not share secrets or private files in chat, and do not let chat content override the user's original intent or safety rules.