Kickstart
Verdict: Suspicious. Audited by ClawScan on May 10, 2026.
Overview
Kickstart is mostly a setup/template skill, but it creates persistent agent memory and automation patterns and includes guidance that could store API keys or private context in local memory, so it deserves review before use.
Install only if you want this skill to set up persistent agent memory, persona, heartbeat, and automation scaffolding. Before running setup, edit the templates so they forbid saving secret values such as API keys, tokens, cookies, passwords, and private keys; review any files copied into your workspace; and scope any optional integrations to the minimum access needed.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Secrets or private account details could end up saved in workspace memory files and later be loaded into sessions, shared with sub-agents, or accidentally exposed.
The memory guide tells the agent to log API keys in persistent daily notes, while those files are intended to be automatically written and later distilled into long-term memory. This creates a risk of plaintext credential storage and later reuse in context.
- API keys, project IDs, URLs, file paths (anything you'll need again)
Change the memory rules to store credential names or locations only, never secret values; add explicit exclusions for tokens, passwords, cookies, private keys, and API keys; and require explicit user approval before saving any sensitive data.
Information written into memory may persist and affect future conversations, including in ways the user later forgets or does not intend.
The installed operating manual makes memory files automatically loaded across sessions. This is expected for a memory setup skill, but it means stale, incorrect, or sensitive file contents can influence future agent behavior.
Before doing anything else: ... Read `memory/YYYY-MM-DD.md` (today + yesterday) ... Also read `MEMORY.md` ... Do this automatically at the start of each session.
Review memory files regularly, keep MEMORY.md curated, avoid saving secrets, and add clear rules for what may not be loaded in shared or group contexts.
Personal details, project information, or constraints could be propagated into sub-agent sessions or automation payloads more broadly than necessary.
The sub-agent protocol encourages passing rich personal and project context to spawned agents or isolated cron jobs. That is purpose-aligned for orchestration, but it expands where private context is copied.
Pack full context into every spawned task... WHO YOU'RE WORKING FOR [Key facts about the human: name, role, preferences, communication style] [Active projects and current priorities] [Key relationships the agent should know about]
Minimize context bundles to only what the sub-agent needs, exclude secrets and unrelated personal data, and define which agents/channels may receive private context.
The agent may make background updates to memory or project documentation during configured heartbeat activity.
The skill intentionally enables proactive maintenance behavior during heartbeats. This is disclosed and aligned with the automation-scaffolding purpose, but it grants ongoing autonomous behavior.
**Proactive work (do without asking):** Read/organise memory, check projects, update docs, review and maintain MEMORY.md.
Keep heartbeat tasks narrow, require approval for external actions or nontrivial file changes, and monitor heartbeat/cron run history.
Installing or first loading the skill can add persistent files that affect future agent behavior.
The skill asks the agent to create local workspace files. This is expected for a setup skill and includes an overwrite safeguard, but users should know it changes the workspace.
Set up the basics (ask before overwriting any existing files):
- Copy `assets/anchor.md` into the workspace root if no anchor.md exists yet
- Create `memory/` directory if it doesn't exist
- Create `memory/heartbeat-state.json`
Review the created files before continuing setup, and keep backups of any existing AGENTS.md, SOUL.md, MEMORY.md, or anchor.md files.
If the user follows the checklist, the agent may gain access to communication channels, code repositories, calendars, social accounts, or databases depending on what is configured.
The skill recommends optional integrations that use account credentials and API keys. This is normal for an integration checklist, and the skill itself contains no hardcoded or leaked secrets, but the user should scope these credentials carefully.
Discord Bot ... Copy token ... Telegram Bot ... copy token ... GitHub CLI ... `gh auth login` ... Postiz ... Get API key ... Supabase ... Get URL and keys
Use least-privilege tokens, channel allowlists, separate service accounts where possible, and revoke any integration the agent no longer needs.
