Abby Autonomy
v1.0.0使 Abby 能主动从任务队列获取并执行任务,自主管理任务状态,持续推进工作至完成或资源限制。
⭐ 0· 412·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with the included code (queue/heartbeat/status). The skill reads/writes a local tasks/QUEUE.md and memory/task_state.json, which fits the stated purpose. However: SKILL.md and scripts reference an executor.py that is not present in the bundle, and __init__.py imports 'complete_task' from both queue and status (name collision/inconsistency). These mismatches suggest incomplete or sloppy packaging.
Instruction Scope
SKILL.md and the scripts describe only local file-based queue management and periodic heartbeats, which is appropriate. But heartbeat.py inserts a path into sys.path to import code from workspace/skills/long-term-memory (outside the skill bundle). That means at runtime the skill will attempt to load another skill's code from the agent workspace — behavior not strictly documented beyond a dependency note. The urgent-check mentions 'Gateway' and human messages (TODO) but those checks are unimplemented. Overall the runtime instructions do not exfiltrate data, but the external import expands the runtime surface and could access other skill data.
Install Mechanism
No install specification and no remote downloads; the skill is provided as local code and operates on local files. This is low install risk.
Credentials
The skill requests no environment variables or credentials, and operates on local files only. The main proportionality concern is the explicit sys.path insertion to a 'long-term-memory' skill in the agent workspace — that gives the skill potential indirect access to whatever that other skill exposes (including any data it stores). The dependency on 'long-term-memory' is declared in SKILL.md, but users should verify that the referenced skill is trustworthy.
Persistence & Privilege
Flags show normal autonomy settings (always:false, user-invocable:true, model invocation allowed). The skill only writes to its own tasks/ and memory/ files; it does not request to modify other skills or global agent configuration. No 'always:true' privilege is requested.
What to consider before installing
This skill appears to implement a local task queue and autonomous heartbeat, which matches its description, but there are a few red flags you should consider before installing:
- The package references and attempts to import a 'long-term-memory' skill from the agent workspace (sys.path insertion). Verify that the long-term-memory skill exists and is trusted, because Abby will load and execute that code at runtime and may access its data.
- The SKILL.md and scripts mention an executor.py that is not included — the skill may be incomplete and could behave unexpectedly if you rely on it.
- There are minor code inconsistencies (duplicate imports/names) suggesting limited QA. Test in a controlled environment first (no sensitive data or credentials available), and inspect the long-term-memory skill code the bundle will import.
- If you allow the skill to run autonomously, consider limiting its permissions and monitoring file writes to tasks/ and memory/ directories.
If you want, I can list exact lines where the sys.path insertion and missing executor reference appear, or help craft a safer test plan for trying this skill in an isolated environment.Like a lobster shell, security has layers — review code before you run it.
latestvk97d0x984hzr56t70y9j7gab5n81kesr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.