Aeon Proactivity
v2.7.0AEON主动伙伴技能包。特性:主动学习、记录、改进。在对话交互中被动观察用户反馈,自动记录教训和改进建议。
⭐ 0· 173·0 current·0 all-time
byQing WETH@gu2003li
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (proactive learning, recording, improving) matches the declared permissions (localStorage.read/write) and instruction-only behavior. Nothing in the manifest requests unrelated services, binaries, or credentials.
Instruction Scope
SKILL.md stays within local observation and local storage operations (logging corrections, reminders, summaries). A few instructions are broad (e.g., "monitor for clarification opportunities" and cross-session reminders) and could lead to persistent recording of conversational content; the skill's privacy note claims sensitive information will not be recorded, but enforcement is left to the agent logic. Recommend explicit rules for what qualifies as "sensitive" to avoid accidental logging of PII.
Install Mechanism
Instruction-only skill with no install spec and no code files—no disk-installed artifacts and therefore low install risk.
Credentials
No required environment variables, no credentials, and only localStorage read/write permissions are declared. Those permissions are appropriate for a memory/memoization helper. The privacy note in _meta.json asserting no external transmission is consistent with SKILL.md.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges. However, it is allowed to be invoked autonomously by the agent (platform default) and can write persistent local storage; combined, that means it can accumulate notes over time. This is expected for a memory-style skill but worth auditing for retention/approval controls.
Assessment
This skill appears to do what it says: observe conversations and store local notes. Before installing, consider: 1) define and enforce what counts as sensitive (PII, secrets) so the agent won't accidentally save them; 2) set retention/cleanup rules and review stored memory files periodically; 3) prefer manual confirmation for any automated writing actions (especially backups, scripts, or config logs); 4) monitor suggestions to "install" or "create scripts" before the agent takes action that affects your system; and 5) test in a non-sensitive session to verify behavior matches the privacy claims. Overall the package is coherent and low-risk, but the safety of recorded content depends on how strictly the agent follows the privacy rules.Like a lobster shell, security has layers — review code before you run it.
latestvk97c0bbwk4ymw081ah4kfa14n183ehgb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.