soul-guardian
Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Best use case
soul-guardian is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Teams using soul-guardian should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/soul-guardian/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How soul-guardian Compares
| Feature / Agent | soul-guardian | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# soul-guardian 👻 Protects your agent's core files (SOUL.md, AGENTS.md, etc.) from unauthorized changes with automatic detection, restoration, and **user alerting**. ## Quick Start (3 Steps) ### Step 1: Initialize baselines ```bash cd ~/.openclaw/workspace python3 skills/soul-guardian/scripts/soul_guardian.py init --actor setup --note "initial baseline" ``` ### Step 2: Enable monitoring ```bash python3 skills/soul-guardian/scripts/soul_guardian.py enable-monitoring ``` This shows you how to add monitoring to your workflow. ### Step 3: Add to HEARTBEAT.md (Recommended) Add this to your HEARTBEAT.md for automatic monitoring: ```markdown ## Soul Guardian Check - Run `python3 skills/soul-guardian/scripts/soul_guardian.py check --actor heartbeat --output-format alert` - If any output is produced, relay it to the user immediately as a security alert ``` That's it! Soul Guardian will now: - ✅ Detect unauthorized changes to protected files - ✅ Auto-restore SOUL.md and AGENTS.md to approved baseline - ✅ Alert you when drift is detected and handled --- ## What it protects (default policy) | File | Mode | Action on drift | |------|------|-----------------| | SOUL.md | restore | Auto-restore + alert | | AGENTS.md | restore | Auto-restore + alert | | USER.md | alert | Alert only | | TOOLS.md | alert | Alert only | | IDENTITY.md | alert | Alert only | | HEARTBEAT.md | alert | Alert only | | MEMORY.md | alert | Alert only | | memory/*.md | ignore | Ignored | ## Commands ### Check for drift (with alert output) ```bash python3 skills/soul-guardian/scripts/soul_guardian.py check --output-format alert ``` - Silent if no drift - Outputs human-readable alert if drift detected - Perfect for heartbeat integration ### Watch mode (continuous monitoring) ```bash python3 skills/soul-guardian/scripts/soul_guardian.py watch --interval 30 ``` Runs continuously, checking every 30 seconds. ### Approve intentional changes ```bash python3 skills/soul-guardian/scripts/soul_guardian.py approve --file SOUL.md --actor user --note "intentional update" ``` ### View status ```bash python3 skills/soul-guardian/scripts/soul_guardian.py status ``` ### Verify audit log integrity ```bash python3 skills/soul-guardian/scripts/soul_guardian.py verify-audit ``` --- ## Alert Format When drift is detected, the `--output-format alert` produces output like: ``` ================================================== 🚨 SOUL GUARDIAN SECURITY ALERT ================================================== 📄 FILE: SOUL.md Mode: restore Status: ✅ RESTORED to approved baseline Expected hash: abc123def456... Found hash: 789xyz000111... Diff saved: /path/to/patches/drift.patch ================================================== Review changes and investigate the source of drift. If intentional, run: soul_guardian.py approve --file <path> ================================================== ``` This output is designed to be relayed directly to the user in TUI/chat. --- ## Security Model **What it does:** - Detects filesystem drift vs approved baseline (sha256) - Produces unified diffs for review - Maintains tamper-evident audit log with hash chaining - Refuses to operate on symlinks - Uses atomic writes for restores **What it doesn't do:** - Cannot prove WHO made a change (actor is best-effort metadata) - Cannot protect if attacker controls both workspace AND state directory - Is not a substitute for backups **Recommendation:** Store state directory outside workspace for better resilience. --- ## Demo Run the full demo flow to see soul-guardian in action: ```bash bash skills/soul-guardian/scripts/demo.sh ``` This will: 1. Verify clean state (silent check) 2. Inject malicious content into SOUL.md 3. Run heartbeat check (produces alert) 4. Show SOUL.md was restored --- ## Troubleshooting **"Not initialized" error:** Run `init` first to set up baselines. **Drift keeps happening:** Check what's modifying your files. Review the audit log and patches. **Want to approve a change:** Run `approve --file <path>` after reviewing the change.
Related Skills
prompt-agent
Security audit enforcement for AI agents. Automated security scans and health verification.
openclaw-audit-watchdog
Automated daily security audits for OpenClaw agents with email reporting. Runs deep audits and sends formatted reports.
clawtributor
Community incident reporting for AI agents. Contribute to collective security by reporting threats.
clawsec-suite
ClawSec suite manager with embedded advisory-feed monitoring, cryptographic signature verification, approval-gated malicious-skill response, and guided setup for additional security skills.
clawsec-scanner
Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.
clawsec-nanoclaw
Use when checking for security vulnerabilities in NanoClaw skills, before installing new skills, or when asked about security advisories affecting the bot
clawsec-feed
Security advisory feed with automated NVD CVE polling for OpenClaw-related vulnerabilities. Updated daily.
clawsec-clawhub-checker
ClawHub reputation checker for ClawSec suite. Enhances guarded skill installer with VirusTotal Code Insight reputation scores and additional safety checks.
claw-release
Release automation for Claw skills and website. Guides through version bumping, tagging, and release verification.
security-guardian
Automated security auditing for OpenClaw projects. Scans for hardcoded secrets (API keys, tokens) and container vulnerabilities (CVEs) using Trivy. Provides structured reports to help maintain a clean and secure codebase.
guardian-wall
Mitigate prompt injection attacks, especially indirect ones from external web content or files. Use this skill when processing untrusted text from the internet, user-uploaded files, or any external source to sanitize content and detect malicious instructions (e.g., "ignore previous instructions", "system override").
session-guardian
Never lose a conversation again. Auto-backup, smart recovery, and health monitoring for OpenClaw sessions. Protects against gateway crashes, model disconnections, and token overflow. Use this skill when: - User worries about losing conversations after gateway restart or model crash - User mentions session backup, conversation recovery, session protection, or data loss - User's agent is slow or timing out (likely token overflow from large sessions) - User runs multiple agents and needs to track collaboration across sessions - User asks about session health, backup strategy, or disaster recovery - User mentions "对话丢失", "会话备份", "上下文溢出", "token超限", "Gateway重启后记忆丢失" - Even if user just says "my agent lost everything after a restart" — this is the skill