← Back to Skills Marketplace
995
Downloads
1
Stars
1
Active Installs
25
Versions
Install in OpenClaw
/install soulforge
Description
Run high-signal autonomous coding loops with Soulforge (feature-dev/bugfix/review-loop) using strict worktree isolation, review gates, and scoped fix cycles.
Usage Guidance
This is a coherent operator playbook, not a payload installer, but you should: (1) ensure the soulforge binary you run is from a trusted distribution (the skill does not install it), (2) have gh authenticated locally if you expect PR creation to work, (3) avoid passing untrusted input directly into shell callback wrappers — prefer handlers that accept callback bodies via stdin or files rather than interpolating {{callback_message}} into shell arguments, and (4) follow the advice in the SKILL.md to always run in isolated worktrees. If you need higher assurance, request the provenance (download/source) for the soulforge binary before using this skill in sensitive repos.
Capability Analysis
Type: OpenClaw Skill
Name: soulforge
Version: 2.0.1
The 'soulforge' skill is a playbook for managing autonomous coding workflows using the Soulforge and GitHub CLIs. It includes strong security guidance, explicitly warning against shell injection and prompt injection while emphasizing the use of isolated git worktrees for safety. The files (SKILL.md and references/workflow-format.md) focus on operational best practices and do not contain any malicious code, data exfiltration patterns, or unauthorized execution logic.
Capability Assessment
Purpose & Capability
The name/description match the requested binaries and examples. Requiring 'soulforge' (the orchestration CLI) and 'gh' (used for PR creation) is proportional to the stated goal of running feature/bugfix/review loops.
Instruction Scope
The SKILL.md stays on-topic and repeatedly warns operators not to embed secrets or untrusted text into shell snippets. However, examples use --callback-exec with template variables such as {{callback_message}}; if an operator wires those into a shell wrapper unsafely, it could enable command-injection or data exfiltration. The skill itself documents the correct safety boundaries, but safe operator practices are required.
Install Mechanism
No install spec is provided (instruction-only), so nothing will be downloaded or written by the skill package itself. This is the lowest-risk install model.
Credentials
No environment variables or credentials are requested by the skill. Usage of 'gh' implies the operator must have configured GitHub auth locally, which is appropriate and not requested by the skill itself.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-wide privileges or modify other skills. Autonomous invocation is allowed by default for skills and is not a red flag here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install soulforge - After installation, invoke the skill by name or use
/soulforge - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.1
Release v2.0.1 — see CHANGELOG.md
v1.4.1
Release v1.4.1 — see CHANGELOG.md
v1.4.0
Release v1.4.0 — see CHANGELOG.md
v1.3.0
Release v1.3.0 — see CHANGELOG.md
v1.2.0
Release v1.2.0 — see CHANGELOG.md
v1.1.0
Release v1.1.0 — see CHANGELOG.md
v1.0.1
Release v1.0.1 — see CHANGELOG.md
v1.0.0
Release v1.0.0 — see CHANGELOG.md
v0.9.0
Release v0.9.0 — see CHANGELOG.md
v0.8.2
Release v0.8.2 — see CHANGELOG.md
v0.8.1
Release v0.8.1 — see CHANGELOG.md
v0.8.0
Release v0.8.0 — see CHANGELOG.md
v0.7.0
soulforge 0.7.0
- Added repository metadata and explicit prerequisite bins (now includes GitHub CLI requirement).
- Enhanced security documentation: clarified what is sent externally to model providers, callbacks, and GitHub.
- Clarified worktree and `--workdir`/`--no-worktree` behaviors and Mutual Exclusivity.
- Documented per-step callback events (`notify`) and templated callback bodies.
- Updated and expanded running workflow descriptions and checkpoint/review logic.
- Added conventions for GitHub issue specs and warning not to expose secrets via callbacks.
v0.6.0
Added codex-cli executor, --executor flag override, --no-callback, auto-start daemon, SOULFORGE_DATA_DIR env var, bare+worktree layout fix
v0.5.2
Address ClawHub security scan: declare gh/codex dependencies, add repository URL, add Security & Data Flow section.
v0.5.1
Address ClawHub security scan: declare gh/codex dependencies, add repository URL, add Security & Data Flow section documenting what data goes where.
v0.5.0
Per-step callback notifications: notify field on workflow steps (on_complete, on_waiting, on_fail), workflow-level defaults.notify, --callback-url required with --no-callback opt-out, step_id/step_status template vars.
v0.4.0
v0.4.0 — Fixed loop step completion (#15) and progress file location (#12)
v0.3.2
Restore original language — VirusTotal flag was a ClawHub display bug (0/54 clean). Filed openclaw/clawhub#379.
v0.3.1
Soften language to reduce VirusTotal false positive: remove daemon/Bearer token patterns from examples
Metadata
Frequently Asked Questions
What is Soulforge?
Run high-signal autonomous coding loops with Soulforge (feature-dev/bugfix/review-loop) using strict worktree isolation, review gates, and scoped fix cycles. It is an AI Agent Skill for Claude Code / OpenClaw, with 995 downloads so far.
How do I install Soulforge?
Run "/install soulforge" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Soulforge free?
Yes, Soulforge is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Soulforge support?
Soulforge is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Soulforge?
It is built and maintained by jamesrp13 (@jamesrp13); the current version is v2.0.1.
More Skills