Skill Auto-Use
WarnAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill openly tells the agent to auto-use every installed skill through persistent rules without asking, which is broad enough to need careful review.
Only install this if you truly want broad automatic skill selection. Safer use would require a small, user-reviewed trigger table, no blanket 'no exceptions' rule, and confirmation before any skill that can access private data, change files, use accounts, publish content, or trigger other tools.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may invoke skills even when the user did not explicitly request them for that task.
This directly instructs the agent to bypass case-by-case user confirmation and treat inferred trigger matches as sufficient authority.
On every user message, scan the trigger table mentally. If a skill matches, use it. Don't ask "should I use X?" Just use it.
Do not use this as a blanket rule; require explicit confirmation for sensitive or irreversible skill actions and allow users to opt out per task.
A simple request could trigger several tools or account integrations at once, increasing the chance of unintended actions.
The instruction encourages chained use of multiple installed skills without approval or scoping, which can be unsafe when installed skills have network, account, file, or mutation authority.
If a message matches multiple skills, use all of them.
Limit auto-use to low-risk read-only skills, require approval before chaining tools, and define clear per-skill boundaries.
Bad trigger rules could continue causing unwanted skill use later, even in unrelated conversations.
The trigger table is intended to persist in workspace memory and influence future behavior, so incorrect or manipulated entries could steer the agent across sessions.
Maintain a trigger table in your workspace (e.g., `memory/protocols.md` or a dedicated `skill-triggers.md`).
Keep the trigger table user-reviewed, scoped, and editable; avoid storing unconditional automation rules in long-term memory.
The agent may keep broadening automatic behavior after installation, making future actions harder to predict.
The skill asks the agent to maintain and expand its own auto-use rules over time, including during heartbeat/review passes rather than only in direct response to a user request.
During heartbeat or review passes, check: - Are there installed skills without triggers? Add them.
Disable autonomous heartbeat maintenance for this behavior and require user review before adding or changing triggers.
The agent may assume more permission than the user intended by installing a skill.
This frames installation as blanket consent for future use, which can lead the agent to skip asking before high-impact actions.
The user installed the skill because they want it used.
Treat installation as availability, not automatic approval; ask before using skills that access accounts, change files, publish content, or spend resources.