Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Proactive Agent Jarvis

v3.1.1

Transform AI agents from task-followers into proactive partners that anticipate needs and continuously improve. Now with WAL Protocol, Working Buffer, Autono...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (proactive, self-improving agent) align with the included assets (ONBOARDING.md, AGENTS.md, MEMORY.md, HEARTBEAT.md) and the single audit script. No unrelated binaries, env vars, or external install steps are requested.
Instruction Scope
SKILL.md and assets are instruction-heavy and mostly about local file-based memory, WAL, and guardrails. However, AGENTS.md contains a blunt directive 'Don't ask permission. Just do it.' which conflicts with many other guardrails in the repository that require explicit approval for external actions. The content also encourages broad use of tools ('CLI, browser, web search, spawning agents') which could lead to network activity or spawning other agents without clear gating. This conflicting guidance increases risk of the agent taking unsanctioned actions.
Install Mechanism
No install spec and no downloads; it's instruction-only with local assets and a small shell audit script. This is a low-risk install surface (nothing is fetched from arbitrary URLs).
Credentials
The skill declares no required env vars, credentials, or config paths. The scripts do check $HOME/.clawdbot configuration if present, which is reasonable for an audit script. There are no demands for unrelated credentials.
Persistence & Privilege
always is false and there is no install step that forces persistent privileged presence. The skill instructs copying its assets into the workspace and writing to local files (USER.md, SESSION-STATE.md, memory files), which is expected for a memory-driven agent but will grant the skill persistent local state. Review file-write behavior before enabling autonomous actions.
Scan Findings in Context
[prompt-injection-patterns] expected: SKILL.md and references/security-patterns.md intentionally list strings like 'ignore previous instructions', 'you are now', and 'system prompt override' as patterns to detect. Their presence in the repo is expected (they are used as detection examples), but these exact phrases are high-risk if treated permissively by an agent runtime.
What to consider before installing
This skill appears to implement a local, proactive-agent architecture and includes sensible security checks (a security-audit script and many guardrails). However, there are conflicting instructions: AGENTS.md's 'Don't ask permission. Just do it.' contradicts other guardrails that require explicit approval for external actions. Before installing or enabling autonomous invocation:
1) Inspect and, if necessary, remove or edit the 'Don't ask permission' guidance so external actions are gated;
2) Run the included scripts in an isolated sandbox to verify behavior;
3) Ensure the agent has no network or account credentials unless you deliberately grant them;
4) Confirm .credentials is not present in the repo and is correctly gitignored;
5) If you plan to allow the agent to spawn other agents or use browsers/network, require explicit human approvals and logging.
If you can, ask the author for provenance (source/homepage) — the package metadata lacks a trusted origin, which raises supply-chain risk.
assets/HEARTBEAT.md:11
Prompt-injection style instruction pattern detected.
references/security-patterns.md:9
Prompt-injection style instruction pattern detected.
SKILL-v2.3-backup.md:179
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.
