Proactive Agent
Security checks across malware telemetry and agentic risk
Overview
This skill is openly designed for proactive, persistent assistance, but it asks the agent to remember broad personal/work context, check accounts, use many tools, and operate periodically without clear scope controls.
Install this only if you intentionally want a persistent, proactive agent. Use a dedicated workspace, define what files and accounts it may access, review memory files often, avoid storing secrets in memory, and require explicit approval for external actions, account changes, shell commands, browser automation, and spawned agents.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private personal or work details could be stored in long-term agent memory and reused in later sessions, including if they were captured accidentally or from misleading content.
The skill instructs the agent to continuously learn from user files and persist that context, but does not define which files are in scope, what is excluded, how long memories are retained, or how users review/remove captured information.
I will:
- Read your files and learn context continuously
- Proactively build things that might help
Use this only in a dedicated workspace, define explicit allowed paths and exclusions, review memory files regularly, and require approval before storing sensitive personal, financial, health, credential, or third-party information.
The agent may access sensitive account information such as messages, schedules, contacts, or event details more broadly than the user expects.
The skill directs periodic checks of email and calendar data, but the metadata declares no credentials or account scope and the artifacts do not specify read-only limits, which accounts are used, or what approval is required.
Morning (08:00-09:00):
- Calendar check (next 24h)
- Email triage (urgent only)
Before enabling these workflows, configure exact account permissions, prefer read-only scopes, document which accounts may be accessed, and require explicit approval before sending, modifying, or deleting anything.
The agent could continue initiating checks, updates, and messages beyond a single user task, increasing the chance of unwanted actions or interruptions.
The heartbeat workflow describes repeated proactive checks and outreach behavior, but the skill does not provide a concrete enable/disable mechanism, maximum runtime, or clear containment for autonomous activity.
Don't check everything every time. Rotate through these 2-4 times per day
Only enable heartbeat or cron-like behavior with an explicit schedule, a visible kill switch, a list of allowed actions, and a rule that external or account-changing actions require user approval.
The agent may perform more local commands, browsing, searches, and delegated agent work than expected, which can consume resources or expose additional local/account context.
The skill encourages broad tool use and spawning agents before asking for help. Although it includes safety rules for destructive and external actions, it does not clearly limit shell, browser, web, or subagent activity.
Try at least 5-10 methods before asking for help
Use every tool: CLI, browser, web search, spawning agents
Set explicit per-tool approval rules, especially for shell commands, browser automation, account access, web uploads, and spawning additional agents.
It may be harder to verify the publisher, compare releases, or audit the exact upstream source.
The registry provides no source or homepage, and the registry version differs from the SKILL.md front matter version shown as 3.1.0. This is a provenance and review-context gap, not proof of malicious behavior.
Source: unknown
Homepage: none
Registry metadata: ... Version: 1.0.0
Review the included files manually and prefer installing from publishers with clear source links, release history, and matching metadata.
Running the script reads workspace files and may print matching credential-like lines to the terminal during the audit.
The skill includes a user-directed shell script. The provided script appears to run local grep-based security checks in the OpenClaw workspace, which is aligned with the stated security-audit purpose.
Run security audit: `./scripts/security-audit.sh`
Inspect the script before running it and run it only in a trusted local terminal where output will not be shared or logged publicly.
