gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d3c703aea66554bae822e7e0774f3ba10427332f
clawsec/skills/soul-guardian/SKILL.md
T
David Abutbul d3c703aea6 ClawSec init
2026-02-05 21:58:23 +02:00

3.4 KiB
Raw Blame History

name, version, description, homepage, metadata, clawdis
name version description homepage metadata clawdis
soul-guardian 0.0.1 Drift detection + baseline integrity guard for an agent workspace's auto-loaded prompt/instruction markdown files (SOUL.md, AGENTS.md, etc.), with per-file policies, tamper-evident audit logging, and optional auto-restore. https://clawsec.prompt.security
openclaw
emoji category
👻 security
emoji requires
👻
bins
python3

soul-guardian

Use this skill to detect and respond to unexpected edits in the workspace files that the agent auto-loads.

Installation Options

You can get soul-guardian in two ways:

Option A: Bundled with ClawSec Suite (Recommended)

If you've installed clawsec-suite, you may already have this!

Soul-guardian is bundled alongside ClawSec Suite to provide file integrity and drift detection capabilities. When you install the suite, if you don't already have soul-guardian installed, it will be deployed from the bundled copy.

Advantages:

  • Convenient - no separate download needed
  • Standard location - installed to ~/.openclaw/skills/soul-guardian/
  • Preserved - if you already have soul-guardian installed, it won't be overwritten
  • Single verification - integrity checked as part of suite package

Option B: Standalone Installation (This Page)

Install soul-guardian independently without the full suite.

When to use standalone:

  • You only need file integrity monitoring (not other suite components)
  • You want to install before installing the suite
  • You prefer explicit control over soul-guardian installation

Advantages:

  • Lighter weight installation
  • Independent from suite
  • Direct control over installation process

Continue below for standalone installation instructions.

What it protects (default policy)

  • Auto-restore + alert: SOUL.md, AGENTS.md
  • Alert-only: USER.md, TOOLS.md, IDENTITY.md, HEARTBEAT.md, MEMORY.md
  • Ignored by default: memory/*.md (daily notes)

Policy is stored in the guardian state directory as policy.json.

Quick start (first run)

Recommended: onboard an external state dir, then initialize baselines there.

python3 skills/soul-guardian/scripts/onboard_state_dir.py --agent-id <agentId>
python3 skills/soul-guardian/scripts/soul_guardian.py --state-dir ~/.clawdbot/soul-guardian/<agentId> init --actor sam --note "first baseline"

(Full step-by-step + scheduling options are in README.md.)

Commands

Run from the agent workspace root:

python3 skills/soul-guardian/scripts/soul_guardian.py status
python3 skills/soul-guardian/scripts/soul_guardian.py check
python3 skills/soul-guardian/scripts/soul_guardian.py check --no-restore
python3 skills/soul-guardian/scripts/soul_guardian.py approve --file SOUL.md
python3 skills/soul-guardian/scripts/soul_guardian.py restore --file SOUL.md
python3 skills/soul-guardian/scripts/soul_guardian.py verify-audit

State directory

  • Default (backward compatible): memory/soul-guardian/
  • Recommended external override:
python3 skills/soul-guardian/scripts/soul_guardian.py --state-dir ~/.clawdbot/soul-guardian/<agentId> check

Cron pattern

Keep the existing gateway cron pattern: run check every N minutes and notify only when drift is detected.

For onboarding/migration to an external state directory, see README.md and:

python3 skills/soul-guardian/scripts/onboard_state_dir.py
Reference in New Issue View Git Blame Copy Permalink