Zown Gemini Governor

Review

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only skill is mostly about rate-limit management, but it tells the agent to modify persistent memory/identity files and automatically run an unprovided local Python script.

Review carefully before installing. The rate-limit-management idea is understandable, but you should not let it automatically run `scripts/cooldown.py` or rewrite memory/identity files unless you control those files, have backups, and explicitly approve each change.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern
High Confidence
ASI05: Unexpected Code Execution
What this means

The agent may run a local script you did not intend to execute, and that script’s behavior is not visible in this skill package.

Why it was flagged

The skill mandates running a local Python script, but the artifact set contains no such script or install spec, so the agent could execute unreviewed code from the current environment.

Skill content

Run `python3 scripts/cooldown.py 60` to force a 60-second pause. This is not optional;

Recommendation

Do not allow automatic execution of this command unless you have inspected the exact `scripts/cooldown.py` file in the working directory, or replace it with a safe built-in wait/sleep instruction.

What this means

Important context or identity information could be shortened, overwritten, or distorted, and future tasks may rely on an incomplete or poisoned summary.

Why it was flagged

The skill instructs the agent to rewrite or compact persistent memory/context files without defining scope, approval, backups, retention, or how future sessions should trust the summary.

Skill content

Summarize your history into `MEMORY.md` and keep your live context files under 500 tokens.

Recommendation

Require explicit user approval before modifying memory or identity files, keep backups, and limit compaction to user-selected files.

What this means

Bad or sensitive information could be repeatedly written into persistent memory and reused later outside the original task.

Why it was flagged

The skill creates ongoing persistent memory updates after each step, which can propagate mistakes or untrusted information across restarts and future sessions.

Skill content

Ensure `MEMORY.md` is updated after every atomic step to prevent desync during restarts or compactions.

Recommendation

Make memory updates opt-in, reviewable, and limited to non-sensitive task summaries.

What this means

Some questions or content may be passed to the local Gemini CLI rather than handled only in the current agent session.

Why it was flagged

Calling a Gemini CLI is related to the skill’s Gemini-focused purpose, but it is not declared as a required binary and may send prompt content through an external command using the user's local configuration.

Skill content

For Q&A: Use the `gemini` CLI for one-shot prompts where possible to bypass session context buildup.

Recommendation

Use the CLI only with user awareness, avoid sending sensitive content, and document the required CLI and authentication assumptions.