Agent Autonomy Kit 1.0.0

Warn

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only skill is openly designed to make agents run scheduled work without prompts, but its broad autonomy, persistence, and shared task state need careful review.

Install this only if you intentionally want a persistent autonomous-agent workflow. Before enabling cron or frequent heartbeats, restrict the task queue to safe pre-approved work, protect the queue and memory files, verify the GitHub source, use trusted private team channels, and require human approval for any action that changes important data, accounts, deployments, public content, or other agents.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may keep acting on queued work in the background after the user stops interacting with it.

Why it was flagged

The skill explicitly instructs users to create scheduled autonomous agent work sessions, including overnight work and daily reports, which continue outside the immediate user interaction.

Skill content

These run automatically — no human prompt needed.

Recommendation

Only enable the cron/heartbeat setup for tightly scoped, low-risk tasks; add explicit stop conditions and require human confirmation for external posts, account changes, deletes, deployments, or spawning more agents.

What this means

If the task queue contains an unsafe or overly broad task, the agent could act on it using whatever tools are available before a human reviews it.

Why it was flagged

The heartbeat workflow authorizes the agent to repeatedly execute whatever tasks are marked ready, but the artifacts do not define clear safety boundaries, approval gates, or rollback expectations for high-impact actions.

Skill content

Read `tasks/QUEUE.md` ... Do meaningful work on it ... If time/tokens remain, pick another task

Recommendation

Keep the queue limited to pre-approved task types and add explicit rules requiring human approval before modifying important files, using accounts, posting externally, deploying, deleting, purchasing, or changing configuration.

What this means

A mistaken, stale, or unauthorized task entry could persist and drive future autonomous work across sessions or agents.

Why it was flagged

The shared persistent task queue becomes future execution context, and the skill allows agents to add tasks that later autonomous heartbeats may trust and execute.

Skill content

Any agent can pick up a "Ready" task ... Add new tasks as you discover them

Recommendation

Protect task and memory files, record task origin, review new tasks before they become Ready, and separate untrusted notes from executable instructions.

What this means

Task status, findings, or handoffs may be shared to Discord/Slack channels if the user enables that setup.

Why it was flagged

The skill discloses optional team-channel communication, which is purpose-aligned but can expose task details or rely on unclear channel membership if configured loosely.

Skill content

Agents communicate through Discord (or configured channel): - Progress updates - Handoffs

Recommendation

Use only trusted private channels, avoid sending sensitive data in status updates, and verify channel permissions before enabling team coordination.

What this means

A user could clone or trust the wrong repository if they do not verify the source.

Why it was flagged

The README recommends cloning a Reflectt repository while the supplied skill metadata/SKILL homepage points to a different GitHub owner, making the intended upstream provenance unclear.

Skill content

git clone https://github.com/reflectt/agent-autonomy-kit.git skills/agent-autonomy-kit

Recommendation

Confirm the intended GitHub repository and publisher before cloning or installing anything beyond the reviewed artifact set.