Agent Autonomy Kit Zc
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: agent-autonomy-kit-zc Version: 1.0.4 The Agent Autonomy Kit is a productivity framework designed to transition OpenClaw agents from reactive to proactive states using a task queue and scheduled heartbeat routines. The bundle consists of markdown templates (QUEUE.md, HEARTBEAT.md) and instructions for setting up OpenClaw cron jobs to automate background tasks. No evidence of data exfiltration, unauthorized execution, or malicious prompt injection was found; the logic is entirely consistent with the stated goal of maximizing agent utility through self-directed task management.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
After setup, the agent may continue working in the background and consume tokens or take actions based on queued tasks even when the user is not actively supervising it.
The README documents cron jobs that wake the agent and run work sessions without a human prompt, creating persistent autonomous behavior.
These run automatically — no human prompt needed.
Enable cron or heartbeat automation only after defining allowed task types, active hours, spending/token limits, approval gates, and an easy way to pause or remove the jobs.
If the agent has access to files, accounts, web tools, posting tools, or code tools, vague queue items could lead it to take broader actions than the user expected.
The heartbeat template directs the agent to choose and execute open-ended tasks from a markdown queue, without specifying approval checks or limits on what tools/actions may be used.
Read `tasks/QUEUE.md` ... Pick highest-priority Ready task you can do ... Do meaningful work on it ... If time/tokens remain, pick another task
Use explicit task templates with allowed tools, forbidden actions, required confirmations for external changes, and sandboxed file paths before enabling autonomous work.
Bad, stale, or overly broad tasks placed in the queue could steer future agent sessions and be repeatedly reused across heartbeats.
The persistent task queue can be modified by agents and then used to drive future autonomous work, but the artifacts do not describe validation, provenance, or review of queued tasks.
Any agent can pick up a "Ready" task ... Add new tasks as you discover them
Restrict who can edit the queue, treat queued text as untrusted task data rather than authority, require human review for new high-impact tasks, and periodically audit memory and queue files.
An erroneous task, unsafe instruction, or mistaken priority could be amplified across several agents, files, sessions, or team channels.
A scheduled event can spawn additional team members for parallel work based on the shared queue, so one bad queued task or instruction could propagate across multiple agents.
--system-event "Morning kickoff: Review task queue, pick top priorities, spawn team members for parallel work."
Require confirmation before spawning additional agents, limit which tasks can be parallelized, isolate agent permissions, and log all autonomous handoffs.
Progress updates or handoffs could expose task details to a shared channel, and messages from that channel could influence agent work if users treat it as a trusted coordination space.
Team-channel communication is purpose-aligned, but the artifacts do not define identity checks, channel membership assumptions, or what information is safe to post.
Agents communicate through Discord (or configured channel): Progress updates ... Handoffs ... Blockers ... Discoveries
Use private channels, verify membership, avoid posting sensitive data, and make clear which channel messages are instructions versus informal discussion.
Following the clone instruction could install unreviewed or changed content from GitHub.
The reviewed package is instruction-only, but the README recommends cloning an external repository, which may contain content outside the reviewed artifacts and is not pinned to a commit.
git clone https://github.com/reflectt/agent-autonomy-kit.git skills/agent-autonomy-kit
Verify the repository owner and contents, pin to a trusted commit or release, and review any additional files before using them.