v1.0.0

Muguozi1 Openclaw Proactivity

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:20 AM.

Analysis

The skill’s core proactivity behavior is mostly scoped and local, but its package makes contradicted testing/certification claims while adding persistent agent state, so it deserves review before use.

GuidanceBefore installing, decide whether you want a more proactive agent with persistent local memory. Review any proposed SOUL/AGENTS/TOOLS/HEARTBEAT edits before approving them, keep sensitive information out of ~/proactivity/, and discount the package’s quality/test badges because the included tests and examples do not substantiate those claims.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation

SeverityMediumConfidenceHighStatusConcern

OPTIMIZATION.md

| **测试覆盖** | 100/100 | ✅ 优秀 | ... **认证状态**: ✅ 通过

The artifact presents strong testing and certification claims, but the included test and example scripts are placeholders/no-op demonstrations, so the package overstates assurance for a behavior-changing skill.

User impactA user may trust the skill’s quality or review status more than the included artifacts justify.

RecommendationDo not rely on the badges or certification text; review the actual instructions and require real tests/provenance before treating the package as vetted.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

setup.md

Show the exact snippet immediately and wait for explicit approval before writing it.

Setup proposes edits to workspace behavior files such as SOUL, AGENTS, HEARTBEAT, and TOOLS; the explicit-approval requirement bounds the risk, but these edits can change future agent routing and behavior.

User impactApproved workspace changes may make the agent more proactive in future sessions or tasks.

RecommendationOnly approve the exact snippets in workspaces where you want this behavior, and keep a record so they can be reverted.

Unexpected Code Execution

SeverityInfoConfidenceHighStatusNote

setup.md

mkdir -p ~/proactivity/{domains,memory} ... chmod 700 ~/proactivity ... chmod 600 ~/proactivity/{memory.md,session-state.md,heartbeat.md,patterns.md,log.md}

The setup includes local shell commands to create and permission state files. These commands are scoped and purpose-aligned, but they still write persistent files in the user’s home directory.

User impactInstalling or setting up the skill creates local files that remain after the session.

RecommendationRun the setup only if you want persistent proactivity state, and remove ~/proactivity/ if you later uninstall or stop using the skill.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

Local state lives in `~/proactivity/`: ... session state ... heartbeat state ... action log ... working buffer

The skill persists learned boundaries, active task state, follow-ups, logs, and recovery breadcrumbs across uses, which is core to its purpose but can influence future agent behavior.

User impactIncorrect, stale, or sensitive notes in the local proactivity files could affect later suggestions or follow-ups.

RecommendationReview ~/proactivity/ periodically, avoid storing secrets or highly sensitive data there, and clear or correct stale state.