SOULSCAN™

AI Agent Persona Security Scanner

Who's scanning your agent's soul?

Your agent's skills are scanned. But the persona files that shape its behavior? SoulScan verifies AI persona packages for security, integrity, and quality.

Try SoulScan Online View Rules on GitHub

Scan from your terminal:

$ npx clawsouls soulscan ./my-soul/

5-Stage Security Pipeline

📋

Stage 1: Schema Validation

Verifies soul.json structure — required fields, valid license, spec version.

📁

Stage 2: File Structure Check

Validates file types, size limits (100KB/file, 1MB total), and recommended files.

🔒

Stage 3: Security Scan

53 pattern checks: prompt injection (8 languages), code execution, XSS, secrets, PII.

✨

Stage 4: Content Quality

SOUL.md length, description quality, tag completeness, minimum quality bar.

🎭

Stage 5: Persona Consistency

Cross-validates SOUL.md, IDENTITY.md, and soul.json — name mismatches, contradictory tones.

What SoulScan Catches

✓ Prompt injection (8 languages)

✓ Code execution (eval, exec, system)

✓ XSS & HTML injection

✓ Secret/API key detection

✓ PII detection (context-aware)

✓ Harmful content (hate, CSAM)

✓ Privilege escalation (sudo, chmod)

✓ Social engineering patterns

✓ Persona consistency verification

✓ File integrity (SHA-256)

SOULSCAN™

Who's scanning your agent's soul?

5-Stage Security Pipeline

What SoulScan Catches

Scoring System