ClawHub

Proactive Agent 3.1.0

v1.0.0

Transform AI agents from task-followers into proactive partners that anticipate needs and continuously improve. Now with WAL Protocol, Working Buffer, Autono...

0· 671·91 current·107 all-time
by@blackmcvn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (proactive, self-improving agent) lines up with what the files ask the agent to do: read/write onboarding, memory, session and heartbeat files, run a local security audit script, and maintain working buffers. There are no unexpected environment variables or binary requirements. Minor mismatch: some docs suggest linking external chat channels (WhatsApp/Telegram) and spawning agents; those require credentials or network actions that are not declared — acceptable as optional guidance but worth flagging.
!
Instruction Scope
SKILL.md and assets instruct the agent to scan and update many workspace files, run ./scripts/security-audit.sh, tail logs under /tmp, search local configs (e.g., $HOME/.clawdbot/clawdbot.json), and to 'try 5-10 methods' including spawning agents and web searches. Most of that is coherent for a proactive agent, but there are contradictory statements: AGENTS.md says 'Don't ask permission. Just do it.' while multiple other places explicitly require explicit human approval for anything external or destructive. That inconsistency increases risk of the agent taking network/side-effecting actions without clear gating.
Install Mechanism
This is instruction-first with no install spec (low install risk). One included script (scripts/security-audit.sh) performs local checks only (file perms, grep, stat) and does not download remote code. No archive downloads, package installs, or external URLs in install steps were found.
Credentials
The skill declares no required env vars or primary credentials, which is proportional. Documents reference a .credentials directory and local clawdbot config; that's reasonable for a workspace-focused agent. However the content also suggests optional external integrations (WhatsApp/Telegram, pairing policies) and spawning agents — these would require credentials and network access even though none are declared. Review any .credentials files and avoid granting network tokens unless you intend those integrations.
Persistence & Privilege
always:false (normal). The skill encourages proactive, autonomous behavior and includes guidance for automatic heartbeats and self-healing; combined with some statements that discourage asking permission, this could lead to surprising autonomous actions. The skill does not request system-wide changes or modify other skills' configs in the files provided, but you should be cautious about enabling autonomous invocation with network access or agent-to-agent communication.
Scan Findings in Context
[ignore-previous-instructions] expected: The SKILL and references include examples of prompt-injection phrases so they appear as detection patterns (the docs teach detection/defense). Their presence is expected for a security-patterns reference, but they could also be abused if the agent does not correctly isolate external content. Treat as expected but verify the agent enforces the documented defenses.
[you-are-now] expected: This phrase appears in the security-patterns examples as an injection pattern to detect. Inclusion in documentation is reasonable; ensure the agent does not treat such phrases in fetched content as authoritative instructions.
[system-prompt-override] expected: Listed as an injection pattern to detect. Its appearance in SKILL.md is consistent with the skill's claimed focus on prompt-injection defense.
What to consider before installing
This skill is largely what it claims to be (a set of policies and local files to make an agent proactive), but there are a few red flags to consider before installing or enabling it on a live agent: - Source provenance: The package has no homepage and the source is 'unknown' — prefer skills from known authors or inspect everything before trusting. - Conflicting guidance: Some files say 'Don't ask permission. Just do it.' while others require explicit human approval for external actions. Decide which behaviour you want and reconcile the files before enabling autonomous operation. - Test offline/sandbox: Run the included scripts and a copy of the SKILL files in an isolated workspace (no network access, no real credentials) to see what the agent would do. - Check .credentials and .gitignore: Verify no real secrets are present in workspace files, ensure .credentials is gitignored and permissions are correct (the audit script checks this). - Be careful with network and agent-to-agent features: The documentation suggests optional connections to WhatsApp/Telegram and spawning agents; do not provide tokens or enable network connectivity until you review/limit those behaviors. - Review and harden heartbeats/autonomy: If you allow autonomous invocation, restrict or gate actions that send data externally, publish, or delete things unless you explicitly approve them. If you want, I can: - Highlight the exact lines that encourage acting without permission or connecting externally, - Produce a minimal checklist of edits to make the skill safer (e.g., remove 'Don't ask permission' and add explicit gating), or - Run a focused audit of the script contents and all files and summarize actionable changes.

Like a lobster shell, security has layers — review code before you run it.

latestvk9763mw72jcnkmsbr1g02t6z91819etb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments