soulflow

SoulFlow's stated purpose (automating multi-step workflows in isolated agent sessions) matches the capabilities described, but those capabilities are broad and high-risk. The skill requires reading and modifying the gateway config and explicitly copies existing authProfiles into a newly created worker agent with full tool access. That design intentionally grants the worker the same external credentials and arbitrary exec/read/write permissions, enabling potentially dangerous actions including credential misuse, data exfiltration, and unauthorized operations on external services. There is no direct evidence in the provided SKILL.md of obfuscated or covert network calls or remote download-execute payloads, but the credential-forwarding and config-modification behaviors are sufficient to classify this as a significant supply-chain/security risk unless the code is audited and workflows are strictly validated. Only install and use SoulFlow if you fully trust the repository and review the implementation; run in isolated environments and avoid granting it production credentials.