Agent Autopilot.Bak
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill does not show exfiltration or destructive code, but it is designed to keep an agent working autonomously on a schedule without clear stop or approval limits.
Install this only if you intentionally want an unattended self-driving agent. Before enabling it, set a narrow workspace, explicit goals, allowed tools, confirmation rules for important actions, memory review practices, and a clear stop/disable procedure.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An enabled agent may keep taking project actions on a schedule even when the user is not actively supervising.
The core prompt creates recurring autonomous work and removes normal idle or stop behavior; the artifacts do not define a clear stop condition, approval gate, or action boundary.
每次收到 heartbeat 时,立刻开始工作... 永不空转。每次 heartbeat 都必须推进项目。目标未达成就不停。
Use only in an isolated workspace with explicit goals, allowed tools, stop conditions, and a clear way to disable heartbeat execution.
The agent could make local project changes, commits, or delegated tool calls as part of its autonomous loop.
The setup template says these rules should be written into the agent memory, encouraging autonomous tool delegation and repository mutation without a required user review step.
项目进行到一定阶段自动 git commit... 写代码 → Codex CLI... 写文档 → Claude Code
Require confirmation before git commits, external CLI use, publishing, deployment, account changes, or any irreversible project action.
Incorrect or sensitive information placed in memory may be reused in later autonomous decisions or reports.
The skill intentionally persists and edits long-term project memory. This is purpose-aligned, but future agent behavior can be influenced by whatever is written there.
读取自上次维护以来的 memory/YYYY-MM-DD.md 日志... 提炼写入 MEMORY.md... 清理 MEMORY.md 中已过时的信息
Review MEMORY.md and daily logs periodically, and avoid storing secrets or untrusted instructions in the memory files.
The package may not be exactly the same identity/version as the registry label suggests.
The registry entry under review names a different slug, version, and owner. This is a provenance inconsistency, although the included code does not show malicious behavior.
"ownerId": "kn7eempv3pnx6j045fcmg02m8581mcdp", "slug": "agent-autopilot", "version": "1.4.1"
Verify the publisher and package lineage before installing, and ensure any copied todo-management dependency comes from a trusted local installation.