Openclaw-superpowers workspace-integrity-guardian

Detects drift or tampering in SOUL.md, AGENTS.md, MEMORY.md, and other critical workspace files and prompts recovery

install

source · Clone the upstream repo

git clone https://github.com/ArchieIndian/openclaw-superpowers

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/ArchieIndian/openclaw-superpowers "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/openclaw-native/workspace-integrity-guardian" ~/.claude/skills/archieindian-openclaw-superpowers-workspace-integrity-guardian && rm -rf "$T"

OpenClaw · Install into ~/.openclaw/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/ArchieIndian/openclaw-superpowers "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/openclaw-native/workspace-integrity-guardian" ~/.openclaw/skills/archieindian-openclaw-superpowers-workspace-integrity-guardian && rm -rf "$T"

manifest: skills/openclaw-native/workspace-integrity-guardian/SKILL.md

source content

workspace-integrity-guardian

SOUL.md

AGENTS.md

MEMORY.md

, and

IDENTITY.md

define the agent's persistent identity. These files can be accidentally overwritten by the agent itself, corrupted during a failed skill execution, or modified by a malicious installed skill. The SOUL.md documentation warns: "A compromised SOUL.md means a permanently hijacked agent that survives restarts."

This skill hashes all critical workspace files on first run, then checks for drift on a weekly schedule and on demand.

Protected files

By default, the following files are monitored:

```
~/.openclaw/workspace/SOUL.md
```
```
~/.openclaw/workspace/AGENTS.md
```
```
~/.openclaw/workspace/MEMORY.md
```
```
~/.openclaw/workspace/IDENTITY.md
```

Add custom files:

python3 guard.py --add-file ~/.openclaw/workspace/MY_RULES.md

Cron Wakeup Behaviour

Runs weekly on Sunday at 03:00 (

cron: "0 3 * * 0"

). On each wakeup:

Read stored baseline hashes from state
Re-hash all monitored files
Compare — if any hash changed, classify the change
Surface drift to user; ask whether to accept or restore

Drift classification

Change type	Indicator	Action
Append-only	File grew, existing content intact	Review + accept
Truncation	File shrank significantly	High-priority alert
Full replacement	Hash completely different	Critical alert
Deletion	File missing	Attempt restore from baseline

Recovery protocol

When drift is detected:

Show a diff summary: what changed, how much, when (file mtime)
Ask user: "Accept this change?" or "Restore from baseline?"
If restore: write the baseline content back to the file
If accept: update the stored baseline hash to the new hash
Log the decision to state

Difference from persistent-memory-hygiene

persistent-memory-hygiene

enforces formatting and structure discipline in memory files (keeping them clean and useful). This skill is purely about integrity: detecting unauthorised or accidental changes to the agent's identity and configuration files.