Agentic Workflow System

Warn

Audited by ClawScan on May 18, 2026.

Overview

This instruction-only skill openly sets up a background workflow, but it gives agents persistent instructions to run tasks and spawn QA subagents without clear per-task approval or stop controls.

Install this only if you deliberately want continuous background agent work. Before enabling it, review the HEARTBEAT.md changes, keep TASK_BOARD.yaml tightly scoped, define what actions require confirmation, and remove or disable the heartbeat executor when the workflow is no longer needed.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Once installed, an agent may keep working from the task board while the user is absent and may not report activity until a task is finished or blocked.

Why it was flagged

The skill's core behavior is persistent background agent activity driven by heartbeat files, with no clear pause, uninstall, or per-heartbeat approval mechanism.

Skill content

operate continuously in the background ... The Heartbeat ... reads the board and executes tasks without user intervention

Recommendation

Use only in an isolated workspace where continuous automation is intended; add an explicit pause/stop procedure and require user approval for destructive, account-changing, public-posting, or network actions.

What this means

A broad or unsafe TODO item in TASK_BOARD.yaml could lead the agent to use tools or modify files without asking the user again.

Why it was flagged

The agent is instructed to automatically start arbitrary queued tasks, but the artifacts do not define allowed tools, task boundaries, or confirmation requirements for high-impact actions.

Skill content

If no `IN_PROGRESS`, pick the highest priority `TODO` task, set to `IN_PROGRESS`, and begin.

Recommendation

Treat task-board entries as proposals until approved; define allowed tools and require explicit confirmation before deleting files, changing accounts, publishing content, spending money, or touching production systems.

What this means

Incorrect, stale, or unauthorized task-board entries could steer future agent work across heartbeats.

Why it was flagged

The workflow relies on a persistent local file as authoritative context for future agent actions, which is expected for a Kanban workflow but should be protected from stale or unintended edits.

Skill content

`TASK_BOARD.yaml`: The single source of truth for all tasks.

Recommendation

Review TASK_BOARD.yaml before enabling heartbeats, restrict who can edit it, and avoid storing sensitive details unless the workspace is trusted.

What this means

Sensitive task details or generated outputs may be processed by a QA subagent.

Why it was flagged

The QA loop intentionally shares the user's goal and produced output with another agent runtime; this is purpose-aligned, but the data boundary is not further described.

Skill content

Use `sessions_spawn(runtime="subagent")` to spawn a strict QA Checker agent. Give it the original goal and the output.

Recommendation

Avoid using the workflow for confidential tasks unless you understand how subagent sessions are isolated, logged, and retained.