Agent Dreams

Review

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only skill is transparent about scheduling background agent work, but it encourages recurring autonomous actions over private accounts, workspace files, git changes, and memory without tight scoping or approval.

Install only if you explicitly want proactive background agent behavior. Before using it, define exact cron/heartbeat tasks, allowed accounts and folders, read/write limits, logging, expiration dates, and a disable procedure. Require approval before posting, sending messages, deleting or reorganizing files, making commits, purchases, or any other irreversible action.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (High Confidence)
ASI10: Rogue Agents
What this means

The agent may continue acting on a schedule after the original request, which can surprise the user or repeat actions without fresh approval.

Why it was flagged

The skill intentionally promotes recurring autonomous work outside the immediate user interaction.

Skill content
Use when setting up proactive behaviors, scheduling background tasks, or making your agent work while you sleep.
Recommendation

Require explicit user approval for each heartbeat or cron job, include clear stop/disable instructions, add logging, and set expiration or review dates for recurring tasks.

What this means

Unreviewed file organization or commits could alter important work, commit incorrect changes, or make later recovery harder.

Why it was flagged

The skill frames workspace mutation and git commits as actions the agent can perform without asking, which can change user projects while running in the background.

Skill content
### Low Risk (do freely)
- Organize and clean up workspace files
- Update documentation
- Review and commit git changes
Recommendation

Treat file cleanup and git commits as approval-required actions; require diffs, backups, branch isolation, and explicit user confirmation before committing or reorganizing files.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

The agent could publish or interact through social accounts on a schedule without the user's final review.

Why it was flagged

A recurring social-media task is allowed to post content, which conflicts with the later ask-first guidance for public posting.

Skill content
Social Pulse (every 6h): Check Twitter mentions and DMs. Review any Discord channels for relevant conversations. Post something interesting if inspiration strikes.
Recommendation

Make all external communication and public posting draft-only unless the user gives explicit approval for the exact message and destination.

What this means

Private emails, calendar events, DMs, and notifications could be read or summarized by recurring jobs more broadly than the user intended.

Why it was flagged

The heartbeat template directs the agent to access private communications and account data, but the skill has no credential declarations or account/channel scope.

Skill content
- [ ] Unread emails — anything urgent?
- [ ] Calendar — events in next 2 hours?
- [ ] Mentions — Twitter/Discord notifications?
Recommendation

Define exact accounts, channels, read-only scopes, retention rules, and approval requirements before enabling any email, calendar, Twitter, Discord, or DM checks.

What this means

Incorrect, sensitive, or maliciously influenced memory entries could persist and steer future tasks.

Why it was flagged

The skill intentionally maintains persistent memory files that may influence future agent behavior.

Skill content
Review all memory/YYYY-MM-DD.md files from the past week. Update MEMORY.md with significant events and lessons. Archive or summarize old daily files.
Recommendation

Keep memory files scoped, review changes before reuse, and avoid storing secrets or sensitive personal content unless explicitly needed.