技术方案书全自动写作 (Fully Automated Technical Proposal Writing)
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears intended for automated proposal writing, but it sets up persistent auto-continuation that can keep spawning agent work and changing project files without further user approval.
Install only if you are comfortable with unattended background writing sessions. Review the Node scripts, avoid enabling Cron/HEARTBEAT auto-continuation by default, keep project directories trusted, and set autoContinue to false when you want the agent to stop.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
After setup, the agent may keep resuming large writing jobs, consuming compute/tokens and modifying project files even when the user is not actively asking it to continue.
The skill explicitly recommends recurring background checks that resume work by spawning new sessions without human intervention.
Cron/heartbeat check: ... filter for status="in_progress" and autoContinue=true ... spawn a new session ... no human intervention at any point
Do not enable Cron/HEARTBEAT auto-continuation unless you want unattended background agent work; require confirmation before spawning sessions or keep autoContinue false by default.
A stale or modified project state file could cause the skill to resume or alter a project unexpectedly, without an explicit per-action approval step.
The script scans project state, automatically updates progress.json, and creates continuation triggers for any in-progress project where autoContinue is not disabled.
progress.status === 'in_progress' && progress.autoContinue !== false ... fs.writeFileSync(progressPath, JSON.stringify(progress, null, 2)); ... fs.writeFileSync(triggerFile
Limit the scan to explicitly selected projects, validate progress.json contents, and prompt before updating project state or creating continuation triggers.
Users may not realize the skill depends on local scripts and persistent OpenClaw configuration changes until reading the documentation.
The registry presents no formal install mechanism even though the package contains runnable Node scripts and the docs describe manual Cron/heartbeat setup.
No install spec: this is an instruction-only skill. Code files present: 4
Review the included scripts before running them, and verify any manual Cron/HEARTBEAT changes separately from the registry metadata.
If project files are edited by an untrusted source, later sessions could follow poisoned instructions or reuse sensitive reference summaries.
The skill persists future-agent instructions and project context in files that later sessions are expected to read and follow.
fs.writeFileSync(continueFile, continueContent); ... 1. Read progress.json to get the current progress ... 2. Read outline.md ... 3. Read reference-keypoints.md
Keep proposal project directories trusted, review CONTINUE.md/progress.json before resuming, and avoid storing confidential reference material unless needed.
Local file changes can influence which agent continues the work and what task it performs.
The design uses project files as the communication channel between sessions/agents, but the artifacts do not describe origin validation or permission boundaries for those files.
Automatic inter-session communication via file triggers ... Session A (about to hit its limit) ... Session B (automatic continuation)
Restrict write access to project directories and validate trigger/continue files before letting another agent session act on them.
Changing agent identity files can affect how delegated agents behave beyond this single writing task.
The migration guide asks users to create or copy named agent identities used by the skill.
Copy or create the following agent configurations ... mkdir -p ~/.openclaw/agents/milo ... IDENTITY.md
Only create or overwrite agent identities intentionally, back up existing agent files, and confirm delegated agents have appropriate limited roles.
