SoulForge
ReviewAudited by ClawScan on May 10, 2026.
Overview
SoulForge appears local and purpose-aligned, but it persistently profiles conversations and can alter the agent’s SOUL.md, including an auto-accept path that weakens its approval claims.
There is no artifact evidence of network exfiltration or external API use, but this skill is privacy-sensitive because it observes sessions, stores inferred behavioral patterns, and can modify SOUL.md. Before installing, decide whether you want automatic profiling, disable auto-observation if not, avoid `--auto-accept`, and inspect/delete the generated memory and backup files as needed.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your conversation patterns, tone, topics, and inferred traits may be stored locally and reused to influence future SOUL.md edits.
This shows persistent behavioral memory is built from user conversation/session data. That is aligned with the skill purpose, but the artifacts do not define clear retention, deletion, exclusion, or future-reuse limits for this sensitive profile.
Every session, SoulForge quietly notes... Emotional register... Observations accumulate locally in `memory/observations.json`.
Install only if you are comfortable with local behavioral profiling; review or delete `memory/observations.json` regularly, and prefer explicit opt-in observation with clear retention controls.
Incorrect or poisoned observations could be turned into persistent agent behavior if auto-accept is used.
The README documents a mode that can apply SOUL.md proposals without per-change review. Because SOUL.md is described as shaping every future response, this is high-impact mutation authority and weakens the repeated approval guarantee.
# Auto-accept high-confidence proposals python3 skills/soulforge/scripts/forge.py --soul ~/.openclaw/workspace/SOUL.md --auto-accept
Avoid `--auto-accept`; require an interactive diff and explicit approval for each SOUL.md change.
You may underestimate what local files are created and when behavioral data is stored.
This safety statement is incomplete: `observe.py` declares and writes `memory/observations.json`, and `forge.py` writes backups. Users could wrongly believe no persistent profiling file is written before approving a SOUL.md edit.
- **Read-mostly.** The only file SoulForge writes to is your SOUL.md — and only with your approval.
The skill should explicitly list every written path, including observations and backups, and distinguish observation storage from SOUL.md edits.
SoulForge may continue collecting local behavioral signals on a schedule unless disabled.
Automatic/passive operation is disclosed and has a stated disable mechanism, but it means observation can occur without a fresh manual invocation.
It also runs a lightweight passive observation pass automatically every 10 sessions ... You can disable auto-observation by adding `soulforge: observe: false`
Disable auto-observation if you only want manual runs, and verify the OpenClaw config actually honors the documented setting.
A mistaken or unreviewed soul update can affect many future interactions until reverted.
Accepted SOUL.md edits persist across sessions and can influence all future agent behavior. Backups reduce the risk, but the impact of a bad edit can cascade.
Every OpenClaw agent has a SOUL.md — a file that defines who it is. It gets read on every wake. It shapes every response.
Review diffs carefully, keep backups, and test changes before relying on the updated SOUL.md.