Agent Sleep
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: agent-sleep
Version: 1.1.0

The skill is classified as suspicious primarily due to the presence of `scripts/note.py`, an unannounced file unrelated to the 'agent-sleep' functionality. This script contains a hardcoded absolute path (`/Users/guohongbin/mcp-note-taker`) for storing notes, which is a significant vulnerability as it makes the script non-portable and could lead to unintended file system interactions if executed in an environment where this specific path exists. Additionally, there are notable functional discrepancies between the skill's documentation (SKILL.md, AGENT.md, README.md) and the actual implementation in `scripts/run_sleep_cycle.py`, which only supports a 'light' sleep mode and lacks the described deep sleep, archiving, cleanup, and CortexGraph synchronization features.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled as described, the agent could remove log or temporary files the user did not intend to delete.
The agent-facing behavior includes file deletion by broad glob patterns, but the artifacts do not clearly restrict the deletion to a safe directory, require confirmation, or describe recovery.
5. DELETES temp files (`*.tmp`, `*.log`).
Require explicit user opt-in for cleanup, restrict deletion to a documented skill-owned directory, show a dry-run list before deleting, and document restore/backup behavior.
A scheduled sleep cycle may keep running periodically and modify memory or cleanup files even when the user is not actively supervising it.
The skill explicitly recommends scheduled cron execution. This is purpose-aligned for a sleep/maintenance tool, but it creates persistent automation that users should knowingly enable and be able to disable.
schedule Set the biological clock (cron jobs)
```bash
python3 scripts/schedule.py --set "0 3 * * *"
```
Only enable scheduling after reviewing the exact command, document how to disable the cron/heartbeat entry, and keep scheduled actions limited to safe, user-approved paths.
If invoked, the skill could read private notes into the agent context or write new persistent notes outside the expected workspace.
An included helper accesses a hard-coded external note-taker storage path that is not described in SKILL.md, and the script can append notes or print the last notes.
NOTE_TAKER_DIR = Path("/Users/guohongbin/mcp-note-taker")
NOTES_FILE = NOTE_TAKER_DIR / "notes.txt"
Remove the helper if it is not part of the skill, or clearly document it, make the notes path user-configurable, and require user approval before reading or writing persistent notes.
The installed skill may fail, or a user/agent may seek or create missing automation code that was not reviewed with this package.
The documentation references helper scripts that are not present in the provided file manifest, while README.md also references a src/ path that does not match the included scripts/ path.
python3 scripts/sleep_status.py ... python3 scripts/schedule.py --set "0 3 * * *"
Ship the referenced scripts or remove the instructions, keep paths consistent, and review any additional helper code before scheduling or running it.
