Validate Agent
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only validation skill is coherent and low-risk, with a minor note that it may track cross-session promises in a local file.
This skill appears safe to install as an instruction-only validation aid. Before using it, decide whether you want cross-session promise tracking in promises.md and proactive notification behavior; avoid storing sensitive details in persistent notes.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may store task commitments in a local promises.md file and refer to them across sessions.
The skill instructs the agent to keep a cross-session record of commitments in a file, creating persistent context that may be reused later.
Cross-session promises: - Record to promises.md - 48-hour expiry mechanism - Verify results after completion
Review what gets written to promises.md, avoid storing sensitive commitments there, and delete or limit the file if cross-session tracking is not desired.
The agent may consider sending proactive notifications, but the artifact instructs it to ask first and cap frequency.
The skill discusses proactive messages, but it also limits them and says to ask whether notification is needed, which makes the behavior bounded and user-controlled.
Proactive message control - At most 3 proactive messages per day - 61% of proactive messages are noise - Ask first: "Is a notification needed?"
Confirm whether you want proactive notifications enabled and keep the daily cap if used.
