Heartbeats

Warn

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only skill is openly about proactive heartbeats, but it gives the agent broad ongoing authority to read sensitive accounts, edit memory, and commit or push changes without asking.

Install only if you intentionally want an agent to run periodic proactive checks. Before enabling it, restrict what accounts and repositories it can access, require approval before commits or pushes, and review any HEARTBEAT.md or MEMORY.md changes.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A stale or modified HEARTBEAT.md file could steer future agent behavior during background checks.

Why it was flagged

This makes a workspace file a strict instruction source during autonomous heartbeat runs, without stating that it must remain subordinate to current user intent or require review for sensitive actions.

Skill content

Read HEARTBEAT.md if it exists (workspace context). Follow it strictly.

Recommendation

Treat HEARTBEAT.md as a limited checklist, not an overriding instruction source; require user confirmation before sensitive or high-impact actions.

What this means

The agent could make unwanted changes to a project or push them to a shared remote repository.

Why it was flagged

The skill explicitly authorizes repository/documentation mutation and remote pushes without asking, but does not define scope, branch controls, diff review, rollback, or user approval.

Skill content

Proactive work you can do without asking: ... Update documentation ... Commit and push your own changes

Recommendation

Require explicit user approval before file mutations, commits, or pushes, and limit actions to user-specified repositories and branches.

What this means

The agent may read sensitive communications or account notifications more broadly than the user expects.

Why it was flagged

These checks imply access to personal or work accounts, but the artifacts do not specify which accounts, credentials, scopes, folders, calendars, or notification sources are allowed.

Skill content

Things to check ... Emails - Any urgent unread messages? Calendar - Upcoming events in next 24-48h? Mentions - Twitter/social notifications?

Recommendation

Only connect explicitly chosen accounts and scopes, and document exactly what the agent may read and when.

What this means

Incorrect, sensitive, or poisoned memory could persist across tasks, and useful memory could be removed without the user noticing.

Why it was flagged

The skill directs the agent to write persistent state and modify long-term memory during background heartbeats, including deleting information, without clear user review or retention boundaries.

Skill content

Track your checks in memory/heartbeat-state.json ... Update MEMORY.md with distilled learnings ... Remove outdated info from MEMORY.md

Recommendation

Require reviewable diffs or confirmation for MEMORY.md edits and deletions, and define what memory files may be read or updated.

What this means

The agent may perform periodic checks or send reminders without a live conversation open.

Why it was flagged

Recurring heartbeat/cron behavior is central to the stated purpose, but users should notice that the skill encourages autonomous tasks and messages outside the main session.

Skill content

Use cron when ... Output should deliver directly to a channel without main session involvement

Recommendation

Configure heartbeat and cron schedules deliberately, and keep autonomous tasks narrow and reversible.