Autonomy
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is transparent and instruction-only, but it is designed to move broad workflows into ongoing agent ownership with reduced notification, including potentially high-impact tasks.
Review this skill carefully before installing. It does not contain code or hidden network behavior, and it includes important safety promises, but its purpose is to reduce human approval over time. If you use it, start with low-risk tasks, keep notifications enabled, set expiration and rollback rules, and do not delegate access, finance, production, deployment, or public communication actions without strict written scope and review.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If delegated too broadly, the agent could perform business or operational actions with limited review after a pilot period.
The skill lists takeover candidates that can mutate repositories, financial/business records, account access, external communications, and deployment environments.
### Approvals - PR merges that always get approved - Expense reports under threshold - Access requests for standard tools ... ### Communications - Routine client responses ... ### Operations - Deployments to non-production
Only approve narrow, low-risk workflows at first; require explicit per-task scope, notification, rollback, and human review for access, finance, deployment, public communication, or production-impacting actions.
The agent may continue acting on delegated workflows after the original conversation, and the user may not notice routine actions unless an exception occurs.
The expansion process explicitly aims for ongoing autonomous task ownership with reduced routine visibility.
### Phase 5: Full Ownership - Agent owns the task - No notifications unless exceptions - Human only involved for edge cases - Duration: Ongoing
Require periodic reports, expiration dates, and an easy revocation process for every delegated workflow; avoid no-notification mode for high-impact tasks.
Approving a delegation can let the agent act without asking each time inside the approved scope.
The skill is explicit about asking for delegated authority, and it requires approval, but that authority changes the normal permission boundary for future actions.
Proposal: I could handle [specific task] without asking each time. Pilot: First 5x I'll do it and tell you after. Then: Full autonomy if you're happy.
Approve only clearly bounded scopes, document what tools/accounts may be used, and specify which actions still require confirmation.
Stale or incorrect delegation records could cause the agent to assume permissions or preferences that no longer apply.
The skill keeps persistent local records of delegations, proposals, and rejected requests, which can influence future behavior.
~/autonomy/ ├── tracking.md # What's been delegated, success rates ├── proposals.md # Pending takeover proposals └── rejected.md # User declined, don't re-propose
Review the ~/autonomy files periodically, remove outdated delegations, and avoid storing sensitive details in the tracking files.