Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Proactive Agent Plus

v3.1.0

Transform AI agents from task-followers into proactive partners that anticipate needs and continuously improve. Now with WAL Protocol, Working Buffer, Autono...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (proactive, WAL, working buffer, self-improvement) align with the SKILL.md content: it is an architecture/behavior guide for making agents proactive. No external credentials or binaries are requested, which is proportionate to an instruction-only architecture guide. However, references to tools like memory_search and to tool credential files (TOOLS.md) are mentioned without explicit declaration or guardrails, creating ambiguity about required capabilities.
! Instruction Scope
The SKILL.md instructs agents to scan every message for triggers and to write to multiple workspace files (SESSION-STATE.md, working-buffer.md, MEMORY.md, TOOLS.md) and to run ./scripts/security-audit.sh and copy assets (cp assets/*.md). Writing every message to disk and running local scripts can capture sensitive data and execute arbitrary workspace code; the document also suggests storing 'tool configurations' and 'credentials' in TOOLS.md. The doc contains patterns flagged as prompt-injection (e.g., 'you-are-now'), which may attempt to influence agent behavior. These actions are coherent with the skill's purpose (stateful agent memory), but they broaden the skill's reach and risk surface and lack explicit safety constraints.
Install Mechanism
Instruction-only skill with no install spec and no dependencies — lowest install risk. Nothing is downloaded or written by an install procedure. The runtime risk comes from instructions the agent will follow, not an installer.
Credentials
The skill declares no required environment variables or primary credential, which is appropriate. Still, the instructions reference storing 'credentials' and 'tool configurations' in repo files (TOOLS.md) and suggest running a security audit script; these imply potential access to secrets on disk or in workspace tools. Making no explicit environment/credential requests is safer, but the guidance to manage credentials in workspace files is a proportionality concern that should be reviewed.
Persistence & Privilege
The skill is not marked always:true and is user-invocable (normal). The default ability for the agent to invoke the skill autonomously remains in effect — combined with instructions to persist state and run scripts, autonomous invocation increases blast radius. The skill does not ask to modify other skills or system-level configs.
Scan Findings in Context
[prompt-injection.you-are-now] unexpected: A 'you-are-now' style pattern was detected in SKILL.md. While pattern language can appear in behavioral frameworks, this class of phrase is commonly used in prompt-injection to coerce role adoption and should be reviewed. It is not necessary for a memory/WAL protocol and reduces trustworthiness.
What to consider before installing
This skill is a behavioral architecture guide that tells an agent to log messages, manage workspace files, and run local scripts. Before installing:
1) Inspect any assets and ./scripts/security-audit.sh referenced by the skill — open the files and confirm they do what you expect (don't run scripts you haven't reviewed).
2) Don't allow it to store credentials in plaintext files like TOOLS.md; require encryption or environment-based secrets instead.
3) If you enable autonomous invocation, consider sandboxing the agent workspace or restricting file permissions to prevent accidental data capture or script execution.
4) Search the SKILL.md for coercive phrasing (e.g., 'you are now') and other prompt-injection patterns; remove or neutralize them if present.
5) Test the skill in a safe/sandbox environment first and monitor what files it writes and what commands it runs.
If you cannot review the referenced scripts/assets, treat the skill as higher-risk.

Like a lobster shell, security has layers — review code before you run it.
