Proactive Agent
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly coherent for a proactive assistant, but it gives the agent broad persistent memory and autonomous behavior that should be reviewed and tightly configured before use.
Install only if you want a highly proactive, memory-heavy agent. Before use, disable or review BOOTSTRAP.md behavior, make heartbeats read-only, explicitly scope email/calendar access, require approval for file/app/browser changes, and set clear rules for what may be stored or edited in memory files.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A planted or outdated BOOTSTRAP.md could redirect the agent into unintended actions and then remove evidence of what caused it.
This makes an arbitrary workspace file authoritative on first run and tells the agent to delete it afterward, without source validation or user confirmation.
If `BOOTSTRAP.md` exists, follow it, then delete it.
Require explicit user review before following any bootstrap file, restrict it to a trusted template/location, and do not delete it without approval.
The agent may read private email or calendar information more broadly than the user expects.
Recurring email and calendar inspection is sensitive account access, but the artifacts do not clearly scope which accounts, credentials, calendars, or messages may be accessed.
Things to check: - Emails - urgent unread? - Calendar - upcoming events?
Configure exact accounts and read-only scopes, require opt-in before email/calendar access, and document what data may be stored in memory.
Sensitive personal or business details may be written into local memory files even when the user did not explicitly ask for them to be retained.
The WAL protocol automatically persists many categories of user context, including names, preferences, decisions, IDs, URLs, and other specific values.
SCAN EVERY MESSAGE FOR ... Proper nouns ... Preferences ... Decisions ... Specific values ... WRITE — Update SESSION-STATE.md
Add retention limits, excluded data types, secret detection, user review, and a clear way to purge or disable memory capture.
Agent behavior can drift over time, and a bad lesson or poisoned context could become a persistent instruction for future sessions.
The skill encourages the agent to modify persistent operating rules and even skill files without routine user review.
Learn a lesson → update AGENTS.md, TOOLS.md, or skill file ... Don't wait for permission to improve.
Require approval or diffs before changing AGENTS.md, SOUL.md, TOOLS.md, or skill files, especially for behavioral rules.
Background check-ins could disrupt work, close useful state, or remove files unless approval rules are enforced.
The heartbeat routine is periodic/autonomous and includes actions that can change the user's local environment, including closing apps/tabs and moving files to trash.
Configure your agent to poll this during heartbeats ... Close Unused Apps ... Browser Tab Hygiene ... Desktop Cleanup ... Move old screenshots to trash
Make heartbeat actions read-only by default, require confirmation for closing apps/tabs or trashing files, and let the user disable autonomous polling.
Running the audit may read workspace files, .env files, credential-file metadata, and local Clawdbot configuration.
The included shell script scans local files and configuration for security issues; this is purpose-aligned and contains no network exfiltration, but it does inspect potentially sensitive local files.
for f in $(ls *.md *.json *.yaml *.yml .env* 2>/dev/null || true); do ... grep -iE "$SECRET_PATTERNS" "$f"
Review the script before running it and execute it only in the intended workspace.
Users have less external context for trusting the author or verifying the source.
The artifact has limited provenance information, though the runnable script is included for review and there is no remote install step.
Source: unknown; Homepage: none; No install spec; 1 code file(s): scripts/security-audit.sh
Review the files locally and prefer installing from a known, trusted source or repository.
