Intent Engineering - Make Agents Optimize for What You Actually Want
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: intent-engineering Version: 1.0.0 The skill bundle is benign. All code and instructions align with the stated purpose of adding an intent layer to OpenClaw agents. The `SKILL.md` uses standard `cp` and `node` commands to install and test the `agent-context-loader.js` within the `$OPENCLAW_WORKSPACE`. The `agent-context-loader.js` script reads local configuration (`INTENT.md`) and agent memory/logs (`memory/episodic`, `memory/routing-decisions.log`) to construct a context string for subagents. There is no evidence of data exfiltration, unauthorized command execution, network activity, persistence mechanisms, or malicious prompt injection attempts against the agent. File system access is confined to the agent's designated workspace and memory directories.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If INTENT.md contains incorrect or stale priorities, wired subagents may optimize for those priorities across future tasks.
The skill intentionally changes subagent task prompts by adding a persistent intent layer. This is purpose-aligned and user-directed, but it can broadly steer subagent behavior if wired into all spawns.
In any subagent spawn, prepend the intent context to the task description
Review and test INTENT.md before enabling the loader broadly, and keep the file under user control.
Subagents may see and act on snippets from prior workspace memory or routing decisions.
The loader reads persistent workspace memory and routing logs, then injects matching snippets into subagent context. This is expected for the skill, but persistent memory can contain stale, private, or poisoned content.
const episodic = getRecentEpisodicEntries(taskType, workspaceRoot, 3); const routing = getRecentRoutingDecisions(taskType, workspaceRoot, 3);
Keep workspace memory curated, remove sensitive or untrusted entries, and verify what context is being passed to subagents.
A tampered or untrusted correction-tracker.js could affect the context added to subagent tasks or execute when the loader runs.
The loader optionally loads another local workspace module if present. This is related to the context-loader purpose, but it means the behavior also depends on the provenance and integrity of correction-tracker.js.
const trackerPath = path.join(workspaceRoot, 'lib', 'correction-tracker.js'); ... tracker = require(trackerPath);
Only use a trusted correction-tracker.js, inspect it before installation, and avoid placing untrusted code in the workspace lib directory.
A caller might believe intent was propagated even when no intent context was actually attached.
On an unexpected failure, the loader can return an empty context while still marking intent_propagated as true. This is not malicious, but it could give callers a false success signal.
return { context: '', intent_propagated: true };Consider changing failure handling to report intent_propagated: false when context generation fails, and log or surface setup errors during testing.