v1.0.0

Intelligent Delegation

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:48 AM.

Analysis

This delegation framework is mostly coherent, but its scoring tool appears to underrate irreversible tasks while recommending autonomy, so users should review it before relying on it.

GuidanceBefore installing, review and fix the scoring tool’s reversibility logic, then use the framework with explicit approval rules for irreversible, sensitive, or external-impact tasks. Keep scheduled cron checks one-shot and removable, limit what sub-agents receive, and avoid storing private task details in the performance log.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusConcern

tools/score_task.py

"reversibility": "Can effects be undone? (1=fully reversible, 5=irreversible)" ... risk = (scores["criticality"] + (6 - scores["reversibility"]) + scores["subjectivity"]) / 3

The tool defines higher reversibility scores as more irreversible, but the autonomy/risk formula subtracts that score from 6, making irreversible tasks contribute less risk.

User impactAn agent or user relying on this tool could receive a lower risk level or more open-ended autonomy recommendation for tasks whose effects are hard to undo.

RecommendationFix the calculation to treat higher reversibility scores as higher risk, and manually require human approval for irreversible or high-impact tasks until corrected.

Rogue Agents

SeverityLowConfidenceHighStatusNote

SKILL.md

For every background task, schedule a one-shot cron job to check on completion

The skill explicitly recommends a persistence mechanism that can wake the agent later to check background work.

User impactThe agent may continue scheduled follow-up activity after the initial interaction, even though it is described as one-shot and task-focused.

RecommendationUse cron checks only for user-approved background tasks, record the cron job ID, and remove stale or completed scheduled jobs.

Cascading Failures

SeverityLowConfidenceHighStatusNote

templates/fallback-chains.md

When a task fails, don't just report failure — attempt automatic recovery.

The fallback design intentionally retries, reroutes, or switches methods after failure, which can propagate a bad task or bad assumptions if not bounded.

User impactA failed task may trigger additional agent attempts or scripts before the user sees the final result.

RecommendationSet explicit retry limits, require human approval for irreversible or external actions, and stop escalation chains when security or ambiguity is detected.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

Create `memory/agent-performance.md` to track: Success rate per agent ... Known failure modes ... "Best for" / "Avoid for" heuristics

The skill stores persistent performance notes and directs the agent to consult them before future delegations.

User impactPersistent notes may influence future routing decisions and could retain sensitive task details if users or agents log too much context.

RecommendationKeep the performance log minimal, redact sensitive information, and treat logged lessons as advisory rather than authoritative.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

templates/task-contracts.md

- **Delegatee:** agent tier/name ... - **Input:** What the agent receives ... - **Data sensitivity:** Privacy requirements

The framework is designed around sending tasks and inputs to other agents, including fields for data sensitivity and delegation scope.

User impactTask context may be shared with sub-agents, so private or sensitive inputs need explicit boundaries.

RecommendationSpecify which data may be shared with each delegatee, avoid sending secrets or unnecessary private context, and require human approval for sensitive delegations.