Employee
ReviewAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill transparently creates local AI worker profiles with persistent memory and optional autonomy, so it appears coherent but should be configured carefully.
This skill is reasonable if you want a local AI employee framework. Start workers in shadow or draft-only mode, keep file and system permissions narrow, review ~/employee memory and logs, and be cautious before enabling auto-delegation or autonomous actions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Information or instructions added to an employee's memory may be reused across sessions and could affect later outputs.
The skill intentionally stores and reloads persistent employee memory, so anything written there can influence future tasks.
Load `memory/context.md` before every task - Employees remember context across sessions - Log learnings after each task
Only train employees on trusted material, periodically review memory/context.md, and avoid storing secrets unless necessary.
A delegated worker may perform tasks through a separate agent flow, especially if auto-delegation is enabled.
The skill can route work to spawned subagents with persistent context. This is disclosed and central to the purpose, but it increases automation complexity.
Load skill (linked/embedded/clawhub) 3. Inject memory/context.md as context 4. Spawn as subagent with employee's model 5. Execute task
Start employees in shadow or draft-only mode, keep canSpawn/canMessage disabled unless needed, and require human review for external effects.
If you promote an employee to autonomous and grant access, it may change files or perform external actions under your authority.
The autonomous level can delegate potentially account- or repository-changing actions, though the artifacts require explicit approval and defined permissions.
Autonomous - Full delegation within defined permissions - Employee sends, commits, merges within scope - Reserved for proven employees only - Requires explicit user approval to reach
Use narrow permissions, review employee.json before promotion, and reserve autonomous mode for well-tested, low-risk workflows.
A worker connected to an unreviewed or changed skill could inherit that skill's risks.
Employees can be linked to other local, embedded, or ClawHub skills, so their behavior may depend on artifacts outside this review.
| linked | Uses existing skill | `"type": "linked", "path": "~/path/to/skill/"` | | embedded | Skill inside employee folder | `"type": "embedded"` | | clawhub | Published skill | `"type": "clawhub", "slug": "author/skill-name"` |
Link only reviewed skills, record the intended skill source/version where possible, and re-check permissions when changing linked skills.