Ai Compound 1.0.1
Warn. Audited by ClawScan on May 10, 2026.
Overview
This skill clearly aims to improve agent memory, but it asks the agent to automatically scan sessions, rewrite memory/instruction files, and run recurring jobs without clear scope or review controls.
Use caution before installing. The idea is understandable, but you should only enable it if you are comfortable with automated review of your sessions and persistent changes to memory and agent instruction files. Start manually, review generated memory changes before accepting them, avoid automatic git push, and do not enable cron jobs until you have clear logging, redaction, and rollback.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private session details or incorrect instructions could be written into long-term memory and reused by the agent in later tasks.
The skill stores extracted session content and updates files that can guide future agent behavior, including AGENTS.md. The artifact does not clearly bound which sessions are reviewed, what sensitive content is excluded, how entries are verified, or how poisoned/mistaken learnings are prevented.
Scan all sessions from last 24h ... Extract learnings and patterns ... Update MEMORY.md and AGENTS.md
Require user review before updating MEMORY.md or AGENTS.md, limit which sessions/files are processed, add redaction rules, and keep versioned rollback for memory changes.
The agent may keep reviewing sessions and modifying memory files every night after installation, even when the user does not actively request it.
The skill encourages persistent scheduled automation that runs without a direct user prompt each time. This is disclosed and purpose-aligned, but the artifacts do not describe disable controls, approval gates, or safe failure behavior.
Set up automated nightly review (cron) ... Add this cron job to Clawdbot ... "schedule": "30 22 * * *"
Install scheduled jobs only after inspecting them, keep them disabled by default if possible, log every run, and add an easy uninstall/disable step.
Session summaries, preferences, decisions, or incorrect learnings could be committed or pushed to a repository without manual review.
The nightly workflow authorizes file mutation and git commits as part of an automated review. The diagram also says to 'Commit and push changes,' but the artifact does not require user approval before committing or pushing extracted session-derived content.
Update MEMORY.md with a summary. Update memory/YYYY-MM-DD.md with details. Commit changes to git.
Require a human approval step before git commit or push, keep generated memory changes in a separate branch or draft file, and exclude sensitive content by default.
Running the npx package may execute code that was not part of this review.
The reviewed package is marked as instruction-only with no install spec or code files, but the documentation asks users to run an external npx command. This may be expected for a CLI-based skill, but the actual package code was not included in the reviewed artifacts.
npx compound-engineering review ... npx compound-engineering snapshot ... npx compound-engineering setup-cron
Inspect the npm package source, pin a trusted version, and avoid running setup-cron until the package behavior is verified.
