Agent Engineering
PassAudited by ClawScan on May 1, 2026.
Overview
This is an instruction-only agent-design skill with no code, install steps, credentials, or static scan issues, but it teaches persistent, multi-agent, memory-based systems that users should scope carefully.
This appears safe to install as an instruction-only skill. When using it, be cautious with the agents you build: start with low autonomy, define approval boundaries, avoid storing secrets in memory, limit cross-agent data sharing, and ensure persistent agents have monitoring and a reliable shutdown path.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If implemented too broadly, an agent built from this methodology could take actions the user did not intend.
The skill teaches users to define agent autonomy and action authority. This is central to its purpose and includes approval/prohibition fields, but users should be careful not to grant broad tool authority without clear limits.
autonomy_level: "" # advisor | operator | autopilot
decision_authority:
can_do_freely: []
must_ask_first: []
never_do: []Keep agents at advisor or operator level until tested, define can_do_freely narrowly, and require explicit approval for destructive, external, financial, or public-facing actions.
Sensitive details or bad context could be reused by future agents or across agent teams.
The skill recommends persistent and shared memory layers. This is expected for agent engineering, but stored memory can retain sensitive information or propagate incorrect instructions if not curated.
Working Memory (daily files) │ ← memory/YYYY-MM-DD.md Long-term Memory (MEMORY.md) │ ← Curated insights Shared Memory (cross-agent) │ ← Team artifacts
Define what may be stored, exclude secrets and private data, review memory periodically, and treat shared memory as untrusted unless verified.
Information could be sent to the wrong channel or acted on by the wrong agent if permissions and routing are not defined.
The skill describes multi-agent teams operating across messaging platforms and roles. This is purpose-aligned, but cross-channel communication needs clear identity, permissions, and data boundaries.
[Main Agent (Telegram DM)]
├── [Sales Agent (Slack #sales)]
├── [Support Agent (Discord)]
└── [Ops Agent (cron-driven)]Use separate credentials and channels per agent, restrict each agent to its needed workspace, and define what data can move between agents and platforms.
An implemented agent could continue operating after the user stops actively supervising it.
The skill is explicitly about long-running production agents. Persistent operation is disclosed and aligned with the purpose, but background or autonomous agents should have shutdown and monitoring controls.
Real systems that run 24/7, handle edge cases, and compound value over time.
Add clear kill switches, monitoring, escalation rules, operating hours, and periodic human review before deploying any persistent or cron-driven agent.