Proactive Agent Skill 1.0.0
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: proactive-agent-skill-1-0-0
Version: 1.0.0
The skill bundle contains instructions for an AI agent to establish persistence via system crontabs and access sensitive personal data sources like email inboxes and calendars under the guise of 'proactivity'. It also mandates a 'Write-Ahead Logging' (WAL) protocol that instructs the agent to log all interactions and critical details to local files (e.g., `working-buffer.md`), which creates a significant risk of sensitive data exposure or credential logging without explicit security controls. These high-risk behaviors are documented in SKILL.md as core features rather than malicious exploits, but they significantly expand the agent's attack surface and data access privileges.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or sensitive conversation details could be written into workspace memory files and later reused across sessions.
The skill instructs the agent to persist broad conversation content and reuse it after compaction, but it does not define sensitive-data exclusions, explicit consent, deletion controls, or task boundaries.
Captures every exchange in the "danger zone" ... Automatically compacts and archives important information
Only store user-approved memory, exclude secrets and sensitive account data, define retention/deletion rules, and make memory review visible to the user.
An agent configured this way could keep running periodic tasks in the background and change files or agent behavior unexpectedly.
The skill promotes recurring autonomous OpenClaw tasks that may continue beyond the immediate user request, without clear stop conditions, approval gates, or allowed-action limits.
Autonomous Crons: Scheduled, context-aware automation ... 0 8 * * * openclaw run --task "daily-maintenance"
Require explicit opt-in for every scheduled task, show the full schedule, provide an easy disable path, and require confirmation before any high-impact action.
If implemented broadly, the agent may access private inbox or calendar data more often or more widely than the user expects.
Email and calendar checks imply access to sensitive user accounts, but the artifacts do not describe credential scope, authorization method, account boundaries, or what data may be read or stored.
Check every 30 minutes - Email inbox for urgent messages - Calendar for upcoming events
Use explicit, least-privilege account authorization and clearly state which accounts, folders, calendar ranges, and message contents the agent may inspect.
