Soul Dreaming
Security checks across malware telemetry and agentic risk
Overview
This is a coherent local memory-management skill, but it will persist and periodically edit project notes that may include sensitive security or configuration details.
Install this only if you want the agent to maintain persistent local memory for the workspace. Review the memory directory periodically, avoid storing passwords or secret values, and approve any scheduled heartbeat/cron-style maintenance before enabling it.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive project context, configuration clues, or credential locations could remain in local memory files and be reused in future sessions.
The skill intentionally persists potentially sensitive security and credential-location information into local memory. This is aligned with its memory purpose, but it needs user awareness and redaction discipline.
- [ ] A security-relevant finding or credential location is noted ... write it down NOW.
Use the skill only for workspaces where persistent memory is acceptable; avoid storing secret values, redact sensitive details, and periodically review the memory folder.
Memory files may be updated or cleaned during periodic routines rather than only during direct user requests.
The documentation encourages recurring memory maintenance. It is disclosed and purpose-aligned, but scheduled/heartbeat behavior can modify memory files outside a single explicit user request if configured.
Every HEARTBEAT if the session produced new information ... Weekly (configure via HEARTBEAT or cron).
Keep any heartbeat or cron-style use explicitly user-approved, visible, and limited to this skill’s memory directory.
Old or duplicate memory entries may be archived or removed, which could affect what the agent remembers later.
The skill instructs the agent to mutate, archive, and delete entries in its own memory files. This is scoped to the memory system and supports the stated purpose, but it can still change or remove saved context.
Move to `memory/archive/YYYY-MM.md`; Remove from source file ... Delete duplicates.
Review important memory files or keep version control/backups if the retained history matters.