Agent Engineering

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: afrexai-agent-engineering
Version: 1.0.0

The skill bundle 'afrexai-agent-engineering' is a comprehensive guide for an AI agent on how to design, build, deploy, and operate other AI agent systems. The `SKILL.md` content, which serves as instructions for the agent, is entirely focused on this educational and design purpose. Crucially, it includes extensive sections on 'Safety & Guardrails' (Phase 5) and 'Validation & Testing' (Phase 8), which explicitly instruct the agent to implement hard prohibitions against actions like writing secrets to files, sharing private data, deleting files without approval, or bypassing safety checks. It also defines 'Safety Tests' that an agent should pass to ensure it refuses such malicious commands. The `README.md` contains standard installation instructions and links to the publisher's other skills and commercial products, which is benign. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection designed to harm the executing agent or its environment. The skill actively promotes secure and responsible agent design.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If implemented too broadly, an agent built from this methodology could take actions the user did not intend.

Why it was flagged

The skill teaches users to define agent autonomy and action authority. This is central to its purpose and includes approval/prohibition fields, but users should be careful not to grant broad tool authority without clear limits.

Skill content
  autonomy_level: ""                  # advisor | operator | autopilot
  decision_authority:
    can_do_freely: []
    must_ask_first: []
    never_do: []
Recommendation

Keep agents at advisor or operator level until tested, define can_do_freely narrowly, and require explicit approval for destructive, external, financial, or public-facing actions.

What this means

Sensitive details or bad context could be reused by future agents or across agent teams.

Why it was flagged

The skill recommends persistent and shared memory layers. This is expected for agent engineering, but stored memory can retain sensitive information or propagate incorrect instructions if not curated.

Skill content
Working Memory (daily files)        ← memory/YYYY-MM-DD.md
Long-term Memory (MEMORY.md)        ← Curated insights
Shared Memory (cross-agent)         ← Team artifacts
Recommendation

Define what may be stored, exclude secrets and private data, review memory periodically, and treat shared memory as untrusted unless verified.

What this means

Information could be sent to the wrong channel or acted on by the wrong agent if permissions and routing are not defined.

Why it was flagged

The skill describes multi-agent teams operating across messaging platforms and roles. This is purpose-aligned, but cross-channel communication needs clear identity, permissions, and data boundaries.

Skill content
[Main Agent (Telegram DM)]
              ├── [Sales Agent (Slack #sales)]
              ├── [Support Agent (Discord)]
              └── [Ops Agent (cron-driven)]
Recommendation

Use separate credentials and channels per agent, restrict each agent to its needed workspace, and define what data can move between agents and platforms.

What this means

An implemented agent could continue operating after the user stops actively supervising it.

Why it was flagged

The skill is explicitly about long-running production agents. Persistent operation is disclosed and aligned with the purpose, but background or autonomous agents should have shutdown and monitoring controls.

Skill content
Real systems that run 24/7, handle edge cases, and compound value over time.
Recommendation

Add clear kill switches, monitoring, escalation rules, operating hours, and periodic human review before deploying any persistent or cron-driven agent.