Autonomy Ladder
Review
Audited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is coherent, but its default framework would let an agent perform production, financial, infrastructure, and credential actions without prior approval.
Only install or copy this framework after rewriting the example tiers for your own environment. Treat refunds, production deploys, credential changes, infrastructure changes, public/customer communications, and sensitive-data work as approval-required unless you have precise limits, runbooks, rollback steps, and audit logging.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If copied without careful changes, the agent could make real account, production, or business changes before the user reviews them.
These default Tier 2 examples tell the agent to act immediately and report afterward for business, production, code, and infrastructure changes. The actions are high-impact and not clearly bounded by explicit approval, rollback, or containment requirements.
- Process refunds under $50
- Deploy bug fixes to production (must verify fix works)
- Merge PRs that pass CI with no conflicts
- Scale infrastructure up/down within budget guardrails
Move production deploys, refunds, PR merges, infrastructure scaling, and similar account-mutating actions to an approval-required tier unless the user has defined narrow scopes, limits, rollback steps, and audit requirements.
An agent following this rule could change credentials or API keys before the user approves the exact account, service, or rotation plan.
The default Tier 1 list places credential and API-key rotation in an act-immediately tier. That would require privileged access and can break or expose connected systems if not tightly scoped.
- Rotate expired credentials and API keys
Require explicit approval for credential and API-key changes, or define exact services, rotation procedures, notification requirements, and rollback plans before allowing autonomous execution.
The agent may keep applying these autonomy rules later, even when the context has changed.
The skill is designed to become persistent agent guidance. That is purpose-aligned, but it means any overly broad or stale autonomy rules may be reused across future sessions.
Add this to your `MEMORY.md` and reference it from `SOUL.md`
Store only customized, conservative rules in persistent memory, review them regularly, and require approval for changes to the ladder itself.
A mistaken autonomous action could affect live systems before the user has a chance to intervene.
These examples involve production and infrastructure operations. A wrong classification or bad automated action could propagate into service outages, failed deployments, or cost changes.
- Fix monitoring alerts and restart crashed services
- Deploy bug fixes to production (must verify fix works)
- Scale infrastructure up/down within budget guardrails
Keep production and infrastructure actions approval-gated unless there are explicit runbooks, health checks, rollback procedures, and budget/service limits.
