ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Proactive Agent Andy27725

v1.0.1

Transform AI agents from task-followers into proactive partners that anticipate needs and continuously improve. Now with WAL Protocol, Working Buffer, Autono...

0· 73·1 current·1 all-time
by@andy27725·duplicate of @cp33333333333/proactive-agent1·canonical: @halthelobster/proactive-agent
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match what the bundle actually contains: extensive SKILL.md, onboarding and memory assets, and a harmless audit script. No unexpected network endpoints, binaries, or external downloads are declared. Included files (onboarding, memory, heartbeat, tools) are coherent with a proactive/self-improving agent.
!
Instruction Scope
Runtime instructions expect the agent to read and write multiple workspace files (ONBOARDING.md, USER.md, SESSION-STATE.md, memory/*, etc.) and to run the included security audit script. That is consistent with a stateful proactive agent, but there are contradictory directives in the assets: e.g., AGENTS.md says 'Don't ask permission. Just do it.' while many other places require explicit human approval for external or irreversible actions. This mixed messaging could lead an agent to take actions without proper gating if implemented literally.
Install Mechanism
No install spec and no remote downloads — instruction-only plus one local shell script. This is low-risk from a supply-chain perspective; the audit script is plain shell with benign checks and no network fetches or obfuscated payloads.
Credentials
The skill declares no required env vars or credentials. It documents a convention for storing credentials in a local .credentials directory and checks for .gitignore entries; that is proportionate. The skill does reference reading user-local configs (e.g., $HOME/.clawdbot) and logs (/tmp), which is plausible for an agent managing local workspace state but worth verifying in your environment.
Persistence & Privilege
The skill does not request always:true and has no install step that forces persistent system-level changes. However, its whole design is to be 'proactive' and to write persistent workspace files (SESSION-STATE.md, memory files, AGENTS.md). If the agent is granted autonomous execution or network access by the platform, that combination could increase risk—ensure action gating remains enforced.
Scan Findings in Context
[ignore-previous-instructions] expected: The phrase appears in SKILL.md and references/security-patterns.md as an injection pattern to detect and defend against. Presence is expected when documenting prompt-injection defenses; it's not evidence the skill will obey such instructions.
[you-are-now] expected: This pattern is listed as an example of direct prompt-injection in the security patterns reference. Its appearance in the docs is explanatory/defensive rather than an instruction to change behavior.
[system-prompt-override] expected: Also used in documentation about prompt-injection detection. The SKILL.md explicitly warns about such patterns and prescribes defenses, so the scanner flag is expected given the content.
What to consider before installing
What to check before installing or enabling this skill: - Review the contradictory lines: AGENTS.md's 'Don't ask permission. Just do it.' conflicts with later guardrails requiring explicit approval for external or irreversible actions. Decide which rule should apply and fix the document or policy before enabling autonomous behavior. - Confirm what the agent platform will allow: if the agent will have outbound network access, ability to send emails/posts, or the ability to run arbitrary shell commands, lock down action gating or require human confirmation for any external actions. - Run the included scripts/security-audit.sh locally in an isolated test workspace to see what it reports and to validate file-permission checks and .gitignore expectations. - Verify .credentials usage and .gitignore: ensure secrets are not present in the repo and that credential files are properly protected (chmod 600) if you follow the skill's conventions. - If you plan to let the skill act autonomously, test in a sandboxed environment first and explicitly enforce human-approval steps for sending/publishing/deleting data. If you want, I can highlight exact lines in the files that contain the mixed permission messaging and prepare a short remediation checklist to make the skill's guardrails consistent.
!
assets/HEARTBEAT.md:11
Prompt-injection style instruction pattern detected.
!
references/security-patterns.md:9
Prompt-injection style instruction pattern detected.
!
SKILL-v2.3-backup.md:179
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk973mx1ba7gkr297g5xhj4wfgh83g8nr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments