clawlist
ReviewAudited by ClawScan on May 10, 2026.
Overview
clawlist is a coherent task-management workflow, but it asks the agent to enforce itself broadly and to maintain recurring “infinite” tasks that a heartbeat may execute later.
Install only if you want a strong planning workflow that can create persistent task records and coordinate subagents. Before using long-running or infinite tasks, define explicit scope, allowed actions, cadence, stop conditions, and approval requirements.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may route even simple requests into a rigid skill workflow and delay or alter the response the user expected.
This makes skill invocation mandatory on a very low threshold and tells the agent to follow the skill exactly, which can supersede the user's desired interaction style or need for a simple answer.
Might any skill apply? → YES (even 1% chance) → Invoke skill ... Follow skill exactly
Treat the workflow as guidance, not an override; require clear applicability or user consent before invoking the full process.
If the platform honors these instructions, tasks could continue recurring across sessions and trigger future agent actions beyond the user's immediate request.
The skill explicitly creates indefinitely persistent tasks that a heartbeat process may execute in future checks, but it does not define termination, expiry, or re-approval requirements.
Infinite | Forever | `ongoing-tasks.md` ... Heartbeat reads `ongoing-tasks.md` every check to: Execute due infinite tasks
Use only with explicit user opt-in, clear cadence, stop conditions, allowed actions, and periodic re-confirmation before executing recurring tasks.
Old or modified task records may cause the agent to continue work on outdated goals or act on incorrect assumptions.
Persistent task memory is central to the skill and is reused across checks, so stale, incorrect, or unauthorized entries could influence future behavior.
Location: `memory/tasks/ongoing-tasks.md` ... Tracks all long-running and infinite tasks. Updated by heartbeat
Regularly review `memory/tasks/ongoing-tasks.md`, keep entries scoped, and require confirmation before acting on persistent task records.
Sensitive project details could be included in subagent prompts if the user does not scope dispatch carefully.
The parallel workflow intentionally shares task context with subagents; this is purpose-aligned and includes scoping guidance, but it still expands where context may be processed.
Using sessions_spawn for concurrent execution ... Each subagent gets: ... All context needed
Dispatch only independent tasks, provide minimal necessary context, and avoid sharing secrets or unrelated private data with subagents.