Agent Lifecycle Protocol
PassAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent and purpose-aligned, but users should notice that it relies on an external PyPI package and creates persistent agent lifecycle records.
This skill appears benign and coherent for tracking agent lifecycle data. Before installing, verify the PyPI package source/version, use a contained environment, and treat lifecycle records such as reputation and obligation transfer as governance data that should be reviewed rather than blindly trusted.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package gives local code from PyPI a chance to run or be imported later, so its real behavior is not confirmed by this skill artifact alone.
The skill depends on an external PyPI package, while the provided artifacts contain no package code for review.
pip install agent-lifecycle-protocol
Install only from the expected PyPI project, review the package source or pin a trusted version, and use a virtual environment if possible.
Incorrect or stale lifecycle records could be reused later and affect trust, succession, or genealogy decisions.
The skill creates or uses a persistent lifecycle store, which can preserve agent identity, lineage, reputation, and obligation records across sessions.
store = LifecycleStore("lifecycle.jsonl")Keep the lifecycle file in a known project directory, review important changes, and avoid treating stored reputation or obligation data as authoritative without validation.
A wrong retirement, fork, reputation, or obligation record could influence later agents that rely on the lifecycle history.
The lifecycle model includes transferring obligations and reputation across agent successors, which can propagate mistaken records if used without review.
Retiring agents must transfer active agreements to successors.
Require human review for succession, retirement, and obligation-transfer records, especially in shared or production agent systems.