A filesystem integrity monitor for your agent's core configuration files. It watches SOUL.md, AGENTS.md, and other workspace files for unauthorized changes, auto-restores critical ones to their approved baseline, and generates security alerts you can wire into your heartbeat workflow. The audit log is hash-chained for tamper evidence, and it refuses to touch symlinks. Useful if you're running long-lived agents and want to catch prompt injection attempts or accidental overwrites before they cause problems. The alerting output is designed to be relayed directly to users, so you can integrate it without writing parsing logic. Requires Python 3 and assumes you're okay with automatic file restoration on drift.
npx skills add https://github.com/prompt-security/clawsec --skill soul-guardian