Back to plugin

Security audit

Soul

Security checks across malware telemetry and agentic risk

Overview

Soul is openly designed as an autonomous background memory agent, but it also profiles conversations, messages users proactively, and can be configured to run arbitrary commands without confirmation.

Review this carefully before installing. It is not clearly malicious, but it is intentionally always-on and autonomous. Keep autonomousActions off unless sandboxed, explicitly configure message channels and targets, monitor or clear Soul's stored memory, and avoid using it in sensitive workspaces unless you are comfortable with persistent profiling and background LLM/search activity.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/index.js:29
Evidence
const authToken = [REDACTED](opts.openclawConfig);

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/action-executor.js:466
Evidence
authToken: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/autonomous-actions.js:24
Evidence
authToken: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/soul-llm.js:165
Evidence
const apiKey = [REDACTED];

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/soul-search.js:460
Evidence
const apiKey = [REDACTED](search);

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/thought-service.js:218
Evidence
this.authToken = [REDACTED];

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
index.ts:47
Evidence
const authToken = [REDACTED](opts.openclawConfig);

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/action-executor.ts:566
Evidence
authToken: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/autonomous-actions.ts:49
Evidence
authToken: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/soul-search.ts:596
Evidence
const apiKey = [REDACTED](search)!;

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/thought-service.ts:294
Evidence
this.authToken = [REDACTED];