团队每小时复盘
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may delay or refuse normal tasks until it performs retrospective or memory-management actions.
These instructions impose broad stopping and starting conditions that could cause an agent to prioritize knowledge-base maintenance over an unrelated user request.
⛔ 不完成任务知识库建设,不允许开始新任务 ⛔ 不错误知识化,不允许结束当前工作
Limit these rules to explicit retrospective sessions, and require user confirmation before delaying unrelated work.
Sensitive project details or mistaken task context could persist, be shared across agents, and influence future work.
The skill directs agents to persist important task data, reuse it across sessions, and back up memory into shared storage, but does not define redaction, exclusions, access boundaries, or review controls.
所有重要任务必须写入MEMORY.md ... 每个agent工作开始前必须确认当前MEMORY.md中的任务 ... 重要memory文件备份到shared_memory/
Define what may be stored, exclude secrets/private data, set retention limits, and review shared memory before reuse.
A bad or misunderstood retrospective could become a persistent rule that affects later tasks and other agents.
Hourly retrospective output is expected to become reusable skills or rules, which can propagate incorrect lessons or over-broad instructions into future agent behavior if not reviewed.
每个错误必须有对应skill文件或改进措施 每小时复盘必须产出可复用的规则 所有铁律必须定期检查和更新
Require human review before new skill files or global rules become active, and keep a rollback/version history.
If implemented without controls, sessions or backups could continue beyond the user's intended task.
The document describes recurring monitoring, automatic restart, and automatic backup behavior. No code installs this, but implementing it would create autonomous background activity.
心跳监测: 每分钟检测会话状态 自动恢复: 发现异常时自动重启 ... 每5分钟自动备份
Make any scheduler or auto-restart opt-in, visible, and easy to stop.
Task or decision details may move between agents or channels if A2A routing is misconfigured.
The skill relies on inter-agent A2A sessions and forwarding rules. It includes an anti-leakage rule, but identity, permissions, and enforcement are not specified.
必须使用A2A session ... 抄送:非CC不转发,CC直接转发
Confirm A2A identities, allowed recipients, and forwarding rules before using this with sensitive team information.
The agent may need access to usage logs that could reveal project activity or account details.
Viewing model API call records can require privileged account or billing/log access. This is related to resource monitoring, but the artifacts do not define least-privilege scope.
查看模型API调用记录,防止同时触发限额
Use read-only, least-privilege access for usage monitoring and avoid exposing prompt or credential data in logs.