← Back to Scanner

soul-guardian Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

soul-guardian is an AI agent skill, created by davida-ps and published at openclaw/skills. ClawSecure audited soul-guardian across 10 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 16 findings concentrate in Malicious Code, Command Injection and Policy Violation, including Dangerous combination of code execution and system commands in... and Pattern detected: subprocess.run(["/bin/launchctl", "bootstrap",.... 14 were rated high or critical severity.

Is soul-guardian safe?

ClawSecure audited soul-guardian and assigned a security score of 0/100 (High Risk), identifying 16 findings across Malicious Code and Command Injection. Review the findings below before installing.

What did ClawSecure find in soul-guardian?

ClawSecure identified 16 findings in soul-guardian, concentrated in Malicious Code, Command Injection and Policy Violation. 14 were rated high or critical severity. The most severe include Dangerous combination of code execution and system commands in... and Pattern detected: subprocess.run(["/bin/launchctl", "bootstrap",....

How was soul-guardian audited?

ClawSecure ran soul-guardian through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 10 files from openclaw/skills.

What does a score of 0 mean?

ClawSecure assigned soul-guardian a security score of 0/100, placing it in the High Risk range. This is driven by 16 findings led by Malicious Code that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for soul-guardian

ClawSecure detected 16 security findings in soul-guardian, spanning Malicious Code, Command Injection, Policy Violation and Permissions Manifest.

Showing the 12 highest-severity of 16 findings. The full interactive list appears below.

3-Layer Audit Protocol

Security Recommendations for soul-guardian

Audit external network connections
soul-guardian connects to external endpoints. Verify every outbound connection goes to a trusted destination. Unauthorized callbacks are a primary indicator of ClawHavoc malware and data exfiltration. ClawSecure's proprietary engine monitors for known malicious endpoints including C2 infrastructure.
Harden command execution
soul-guardian constructs or runs system commands. Validate that commands are built only from trusted inputs, never pass user-controlled strings directly to a shell, and restrict execution to an allow-list of expected commands.
Resolve policy violations
soul-guardian trips ClawSecure policy checks. Review each flagged pattern against your security policy and remediate or document an accepted exception before production use.

Related Security Research

ClawHavoc Explained: The Malware Family Targeting AI AgentsBeyond Static Scans: Why ClawSecure Verifies Agentic Intent

Related AI Agent Security Audits

6bc837afc1a86e89Score 0/100understand-anythingScore 0/100memory-lancedb-proScore 0/10062ac696296b54aadScore 0/100gstackScore 0/100

Scanned on April 16, 2026. soul-guardian is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan