ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Autonomia Agente

v1.0.0

Transforma agentes IA de seguidores de tarefas em parceiros proativos que antecipam necessidades e melhoram continuamente. Arquitetura proativa com WAL Proto...

0· 89·0 current·0 all-time
by@engsathiago
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description promise (proactivity, WAL/working buffer, self-improvement) aligns with the SKILL.md which instructs creation of a .autonomia/ WAL, BUFFER, LEARNINGS, ERRORS, and RECOVERY structure to enable persistence and self-improvement behavior.
!
Instruction Scope
SKILL.md instructs the agent to implement write-ahead logging and a persistent working buffer (creating .autonomia/* files) and to be 'proactive' and 'monitor' things. Those file-write instructions are coherent with the purpose, but the guidance is vague about what sources may be monitored or what 'reach out' means (no endpoints or allowed channels are specified). That vagueness grants broad discretion to collect and persist context and may lead to storing sensitive data or making network calls without explicit constraints.
Install Mechanism
There is no install spec or code—this is instruction-only (lowest install risk). The SKILL.md shows a 'clawhub install autonomia-agente' line, but no install manifest exists; that command may be decorative or unsupported by the registry package as provided.
Credentials
The skill requests no environment variables, no credentials, and no config paths. There are no declarations that suggest access to unrelated services or secrets.
!
Persistence & Privilege
The skill explicitly instructs agents to persist logs and buffers to disk (.autonomia/*). Persisting conversation content and 'details critical' before responding can capture sensitive user data. While the skill is not set to always:true, autonomous invocation is permitted (platform default), increasing the chance the agent will autonomously create and update persistent files unless the user or platform restricts it.
What to consider before installing
This skill appears to do what it claims (make agents proactive and persistent) and contains no code or external install, but it instructs the agent to persist conversation/context data to a .autonomia/ folder and uses vague language about 'monitoring' and 'reaching out.' Before installing: 1) confirm the skill's source (the manifest points to a GitHub repo—verify it); 2) decide whether you are comfortable with the agent writing logs of conversations to disk and set the storage location, retention, and access controls; 3) test in a sandboxed environment first (do not use with secrets or sensitive data); 4) if concerned about autonomous behavior, restrict the agent's ability to act without explicit confirmation or disable autonomous invocation for this skill; 5) ask the author for precise descriptions of what the agent may monitor and any external endpoints it may contact. These steps will reduce privacy and scope risks.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bfc8hqagr7yzmk2ae7rzqxd83b1xz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments