Tenacity — Never Give Up

Warn

Audited by ClawScan on May 18, 2026.

Overview

This skill openly makes the agent keep working without confirmations, but it gives broad file/command authority, persistence, and Telegram reporting that need careful review.

Install or invoke this only for tightly scoped tasks. Before use, edit the standing order to limit allowed tools, require approval for deletes/commands/external actions, remove the hard-coded Telegram recipient, set an expiration for any cron/background run, and clean checkpoints/memory logs when done.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may take many actions without interim review, even when the user would normally expect checkpoints or approvals.

Why it was flagged

This intentionally changes the agent's normal stopping and confirmation behavior for potentially broad tasks.

Skill content

Default behavior: Ask for confirmation only when blocked, not at every step. If the path is clear, execute.

Recommendation

Use only with a narrow written scope, explicit stop conditions, and separate approval for destructive, external, or high-impact actions.

What this means

A mistaken instruction or bad intermediate result could lead to unwanted file edits, deletions, or command execution before the user sees it.

Why it was flagged

The no-ask authority includes destructive file operations and broad command/tool execution.

Skill content

What I Can Do Without Asking ... Read, write, edit, delete files in workspace ... Run scripts and commands ... Use any tool in the workspace

Recommendation

Require confirmation for deletes, bulk changes, risky commands, and any tool outside a task-specific allowlist.

What this means

A standing order could be interpreted as ongoing consent for later actions, not just the immediate task.

Why it was flagged

The skill frames standing orders as permanent delegated authority, but the artifacts do not define expiry, revocation, or mandatory re-confirmation.

Skill content

| Standing Orders | Grants permanent authority to execute within scope |

Recommendation

Make every standing order task-specific, time-limited, and automatically revoked or reviewed at completion.

What this means

Task summaries or status updates could be sent to a recipient that is not the installing user.

Why it was flagged

The cron example sends announcements to a hard-coded Telegram recipient, creating an unclear external data boundary.

Skill content

--announce \
  --channel telegram \
  --to "834732674"

Recommendation

Remove the hard-coded recipient, require the user to configure the destination, and confirm before sending sensitive task summaries.

What this means

The agent may continue operating in the background after the initial interaction unless the user actively stops it.

Why it was flagged

The skill encourages persistent autonomous execution that can survive restarts and run on a schedule.

Skill content

| Task Flow | Durable multi-step state across gateway restarts | ... | Cron | Scheduling and enforcement |

Recommendation

Require explicit opt-in for cron/background runs, set an end time, and document how to list, pause, and remove scheduled Tenacity jobs.

What this means

Old or tampered checkpoint data could influence a resumed task, and local checkpoint files may reveal task details.

Why it was flagged

Checkpoint state is stored locally and later reused as resume context, which is purpose-aligned but should not contain secrets or be blindly trusted.

Skill content

CHECKPOINT_DIR="${CHECKPOINT_DIR:-/tmp/tenacity-checkpoints}" ... cat "$LATEST"

Recommendation

Use a private checkpoint directory, avoid storing secrets in checkpoint state, and clean or validate checkpoints before resuming.