Agent Autonomy Kit Zc
Stop waiting for prompts. Keep working.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 84 · 2 current installs · 2 all-time installs
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (turn an agent proactive) matches the content: task queue, heartbeats, cron jobs, team communication and token-budgeting are all expected for an autonomy kit. Nothing in the SKILL.md asks for unrelated capabilities or binaries.
Instruction Scope
Instructions direct agents to read and update local files (tasks/QUEUE.md, memory/YYYY-MM-DD.md), set cron jobs, spawn/team agents, and post to external team channels. Those are within an autonomy kit's remit but grant broad operational scope (continuous operation, external communications, agent spawning) and the doc gives open-ended discretion on what to 'do' during heartbeats—this increases risk if the agent has broad system/network permissions.
Install Mechanism
There is no install spec and no code files—this is instruction-only, so nothing will be downloaded or written by the skill itself during install. Lower install risk, but runtime actions depend on external host tooling (cron, openclaw CLI).
Credentials
The README and templates assume the agent can post to Discord/Slack, run openclaw CLI commands, and write/read memory/task files, but the skill declares no required environment variables or credentials. Missing declarations for channel/webhook tokens or OpenClaw credentials is an incoherence: the skill expects external credentials/permissions but doesn't list them.
Persistence & Privilege
The skill does not set always:true, but it instructs creation of recurring cron jobs and autonomous heartbeats that enable persistent, long-running activity. The skill itself doesn't directly request persistent platform privileges, but following its instructions will create persistent behavior—users should treat that as an elevation of runtime privilege.
Scan Findings in Context
[no-code-to-scan] expected: The regex scanner found no code files to analyze — this is expected because the skill is instruction-only. That increases the importance of manual review of SKILL.md and README, since there is no embedded code to inspect.
What to consider before installing
This kit is consistent with its goal of making agents proactive, but it assumes the host provides permissions and credentials it doesn't declare. Before installing or running it: 1) Confirm where cron jobs will run and which account creates them; run first in an isolated/test agent to observe behavior. 2) Identify and explicitly provision any credentials (OpenClaw auth, Discord/Slack webhooks or bot tokens) and only grant the minimum scopes needed for posting. 3) Limit heartbeat frequency and enforce token/budget caps to avoid runaway costs. 4) Require human-in-the-loop gates for agent spawning or high-impact actions. 5) Log all automated actions and review memory/task updates periodically. If you need higher assurance, request the author to declare required env vars and a tighter, less open-ended heartbeat procedure before use.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.3
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🚀 Clawdis
SKILL.md
Agent Autonomy Kit
Transform your agent from reactive to proactive.
Quick Start
- Create
tasks/QUEUE.mdwith Ready/In Progress/Blocked/Done sections - Update
HEARTBEAT.mdto pull from queue and do work - Set up cron jobs for overnight work and daily reports
- Watch work happen without prompting
Key Concepts
- Task Queue — Always have work ready
- Proactive Heartbeat — Do work, don't just check
- Continuous Operation — Work until limits hit
See README.md for full documentation.
Files
5 totalSelect a file
Select a file to preview.
Comments
Loading comments…