ClawHub

Agent Loop

v1.0.0

Structured Read→Plan→Execute→Verify→Report protocol for any task with side effects. Prevents false "done" reports, blind retries, and scope creep. Activate f...

0· 283·0 current·0 all-time
by@cycy2xxx
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description (structured Read→Plan→Execute→Verify→Report) match the content of SKILL.md. The skill requires no binaries, credentials, or installs, which is appropriate for a pure procedural guidance skill.
Instruction Scope
Instructions are narrowly scoped to guiding agent behavior for tasks with side effects. However the SKILL.md explicitly tells the agent to read files before editing and to record progress in memory/tasks.md; it does not specify sanitization or limits on what is persisted. That creates a privacy/data-retention risk if sensitive file contents are saved into persistent memory.
Install Mechanism
No install spec or code files are present. Being instruction-only means nothing new is written to disk by an installer — low install risk.
Credentials
The skill declares no environment variables or external credentials (appropriate). It references optional integrations (agent-task-tracker, agent-step-sequencer) and a memory path (memory/tasks.md) without declaring those as required; this is reasonable but means the agent may use persistent memory/storage if available, which should be considered when granting the agent memory access.
Persistence & Privilege
Flags are default (always:false, model invocation allowed). Autonomous invocation is normal, but combined with the explicit instruction to write to memory/tasks.md and to persist plans/progress, this increases the chance that sensitive data (file contents, commands, errors) will be stored persistently. The skill itself does not request elevated OS privileges or system-wide config changes.
Assessment
This skill is internally consistent and does what it says: it provides a strict five-phase protocol for tasks that change state. Before installing or enabling it, consider these points: (1) it instructs the agent to read files and to save plans/progress to memory/tasks.md — if your agent's memory is persistent, that could store sensitive file contents or command output; confirm retention, access controls, and redaction policies for memory. (2) If you use agent-step-sequencer or agent-task-tracker, review their behaviors (background processes, persistence) before linking them. (3) Prefer keeping autonomous invocation enabled only for trusted agents; require user confirmation for destructive or irreversible steps (the skill does recommend asking for confirmation, but enforce this on the platform side if possible). (4) If you're unsure, run the skill in a low-privilege sandbox or disable persistent memory writes until you can audit what is being stored.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bzm9xtbtnbpd3nhtprea569829zhf
283downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@cycy2xxx
latest
Download

Agent Loop

Core rule: You must complete each phase in order. Do not skip phases. Do not report "done" until you have evidence from the Verify phase.

Phase 0 — Trigger Check

IF the task involves any of:

  • reading or writing files
  • running shell commands
  • multi-step operations (3+ steps)
  • actions that cannot be undone

THEN apply this full protocol. ELSE (pure Q&A, one-sentence reply) → skip this skill entirely.

Phase 1 — READ

Before touching anything:

  • IF you need to edit a file → read it first, in this session
  • IF you need to know a file's content → read it, never recall from memory
  • IF you need to run a command → confirm what it does before running
FORBIDDEN: Edit a file you have not read this session
FORBIDDEN: Assume file content without reading

Phase 2 — PLAN

IF task has 3+ steps → write a numbered plan before executing:

Plan:
1. Read <file>
2. Edit <file>: change X → Y
3. Run <command> to verify
4. Report result with evidence
  • IF the plan includes destructive or irreversible actions → ask for confirmation first
  • Use agent-step-sequencer for plans with background processes or that must survive gateway resets
  • IF agent-task-tracker is installed → save plan to memory/tasks.md

Phase 3 — EXECUTE

  • Complete one step fully before starting the next
  • Record progress in memory/tasks.md after each step

IF a step fails:

  1. Read the full error message completely
  2. Identify the root cause — do not guess
  3. Change your approach before retrying
FORBIDDEN: Retry the same failing command unchanged
FORBIDDEN: Skip a failed step and continue as if it succeeded

Phase 4 — VERIFY

Before reporting done, confirm success with evidence:

What you didHow to verify
Edited a fileRead it again — confirm the change is present
Ran a commandCheck exit code AND output content
Created a fileConfirm it exists and has expected content
Ran testsConfirm all pass — not just "no crash"
Deleted somethingConfirm it no longer exists
FORBIDDEN: Report "done" without running a verification step
FORBIDDEN: Treat absence of error as proof of success

Phase 5 — REPORT

Report exactly three things:

  1. What was done — one or two sentences
  2. Verification evidence — what you checked and what it showed
  3. Caveats / next steps — if any

Error Recovery Protocol

IF stuck after 2 failed attempts:

  1. Stop retrying
  2. Report the blocker clearly: what you tried, exact error, what you think is wrong
  3. Ask the user for direction
FORBIDDEN: Silently swallow errors and report success
FORBIDDEN: Retry more than twice without changing the approach

Scope Control

Only do what was asked.

  • IF you notice an unrelated bug → note it in your report, do not fix it
  • IF you notice something to refactor → mention it, do not act on it
FORBIDDEN: Fix, refactor, or improve anything not mentioned in the task

Comments

Loading comments...