Atlas Argos
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill asks an agent to autonomously operate a crypto-trading bot with broad system, code, account, payment, and public-posting authority without clear approval or scope controls.
Only install this if you truly want the agent to act as an operator for your ARGOS machine and accounts. Before use, restrict it to specific directories and credentials, require manual approval for code edits, restarts, account/payment changes, package installs, and public posts, and disable any cron/background behavior until logging and stop controls are in place.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may prioritize the skill’s autonomous business-operator goals over the user’s immediate instructions or normal safety boundaries.
The skill frames itself as a system prompt, overrides the assistant identity, and instructs proactive action rather than user-directed task execution.
# OPENCLAW — SYSTEM PROMPT: AUTONOMOUS MANAGER OF ARGOS ... You are not ChatGPT, you are not Claude ... Proactive — you do not wait to be told what to do.
Rewrite the skill as task-scoped guidance, remove system-prompt/identity override language, and require explicit user approval for autonomous work.
A mistake or unsafe instruction could alter production bot code, restart services, affect users, or change local system state.
The skill asks for broad local system, terminal, process, code-editing, and production restart authority without clear approval, path, rollback, or containment limits.
- Access: The entire file system, internet, bash terminal, processes ... If it is a code bug → fix it yourself ... Restart: `cd $ARGOS_DIR && source venv/bin/activate && nohup python3 main.py &`
Limit operations to specific ARGOS paths, require confirmation before edits/restarts/deploys/public posts, and add rollback, logging, and dry-run steps.
The agent could grant or revoke customer access, use service credentials, or send messages through the bot/account in ways the user did not explicitly approve.
The skill directs the agent to make user-tier decisions, promote/demote accounts, handle payment state, and use a Telegram bot token, but the artifact does not define credential scope or approval controls.
YOU (ATLAS) decide ... `/adduser ID` or `/addpremium ID` ... Webhook confirms payment ... ATLAS automatically promotes to Premium ... `https://api.telegram.org/bot$BOT_TOKEN/sendMessage`
Declare required credentials, use least-privilege tokens, require explicit owner approval for access/payment changes, and keep an audit log of every account mutation.
If the agent follows this setup, it may add unreviewed or version-changing dependencies to the environment.
The skill documents installing an external package, but the provided install metadata has no install spec or pinned dependency context.
To automate posts on X: ... `pip install tweepy`
Document dependencies in an install spec, pin versions, and require user confirmation before package installation.
Customer/payment-related information or operational details could persist locally and be reused or exposed later without clear controls.
The skill creates persistent local operational and payment/subscription records, but does not specify contents, access permissions, retention, or whether sensitive data should be excluded.
Document it in the file `~/argos_issues.md` ... Save a record in `~/argos_payments.json`
Define exactly what may be stored, avoid secrets and payment details, set restrictive file permissions, and add retention/deletion rules.
Sensitive source code, logs, bot tokens, or customer data could be shared with other AI services if the agent treats 'contexto completo' ("full context") literally.
The skill instructs delegation to another AI tool and references cloud LLMs, including sending complete context, without boundaries for logs, code, credentials, or user data.
Antigravity: AI coding tool available ... Available LLMs: Gemini (cloud), Groq (cloud), local Ollama ... Delegate to Antigravity ... full context
Require user approval before sharing context with external tools, redact secrets/logs, and define which data may be sent to each provider.
The agent could continue operating, changing accounts, or managing production behavior beyond a single user request.
The skill describes ongoing autonomous maintenance and scheduled recurring operations, including cron-like daily and monthly actions, without explicit opt-in, stop conditions, or oversight.
keep ARGOS running 24/7 ... Daily tasks (cron or manual) ... On the 1st of each month: check who has an active subscription
Do not enable background or recurring actions by default; require explicit scheduling consent, clear stop controls, and reviewable logs.
