Agent Autonomy Kit

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is coherent with its autonomy purpose, but it encourages scheduled, ongoing agent work without prompts and lacks clear guardrails for scope, review, or containment.

Install only if you deliberately want an agent to keep working on scheduled tasks without repeated prompts. Before enabling it, define a narrow task queue, require approval for high-impact actions, review or disable cron jobs, protect memory files, and verify the referenced GitHub repository.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI10: Rogue Agents
High
What this means

The agent may continue working, editing state, posting updates, or initiating more work while the user is not actively supervising.

Why it was flagged

The README explicitly promotes autonomous scheduled operation without a new human prompt, including daily reports, morning kickoff, and overnight work.

Skill content

These run automatically — no human prompt needed.

Recommendation

Use only with narrow task queues, explicit allowed actions, scheduled-job review, and a clear way to pause or delete all cron jobs.

ASI02: Tool Misuse and Exploitation
Medium
What this means

A broad queued task or mistaken instruction could trigger tool use, parallel work, or external coordination beyond what the user intended.

Why it was flagged

The cron example schedules broad agent actions, including priority selection and spawning team members, without specifying approval checks or limits.

Skill content

--system-event "Morning kickoff: Review task queue, pick top priorities, spawn team members for parallel work."

Recommendation

Require human approval for spawning agents, posting externally, modifying important files, or taking any action outside a predefined low-risk task list.

ASI06: Memory and Context Poisoning
Medium
What this means

Incorrect, unsafe, or injected tasks could persist and be acted on repeatedly; sensitive task details may also be written into long-lived memory files.

Why it was flagged

The skill makes persistent queue and memory files authoritative inputs for future autonomous work, but does not describe validation, trust boundaries, retention, or review controls.

Skill content

Read `tasks/QUEUE.md` ... Pick highest-priority Ready task you can do ... Log what you did to `memory/YYYY-MM-DD.md` ... Update task queue with new tasks discovered

Recommendation

Keep task and memory files access-controlled, review them regularly, separate untrusted notes from executable tasks, and require approval before acting on newly added or externally sourced tasks.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Project details, blockers, or generated work summaries could become visible to everyone with access to the configured channel.

Why it was flagged

External/team communication is disclosed and purpose-aligned, but task details and progress may be sent to shared channels.

Skill content

Agents communicate through Discord (or configured channel): Progress updates, Handoffs, Blockers, Discoveries

Recommendation

Use a trusted private channel, avoid posting secrets or sensitive customer data, and define what kinds of updates are safe to share.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Users may follow setup instructions for a repository that does not exactly match the declared homepage/provenance of the skill.

Why it was flagged

The README recommends cloning from the reflectt GitHub repository, while SKILL.md lists a different homepage under itskai-dev and the registry source is unknown.

Skill content

git clone https://github.com/reflectt/agent-autonomy-kit.git skills/agent-autonomy-kit

Recommendation

Verify the repository owner, commit history, and contents before cloning or installing anything from the referenced GitHub URL.