autonomy-gate
Review
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent instruction-only autonomy gate, but it can allow external or service-impacting actions and relies on mutable self-updated permission state without enough hard boundaries.
Treat this as an advisory policy, not a technical enforcement mechanism. Before installing, make the autonomy state read-only to the agent, require human approval for level changes and service shutdowns, define real approved channels/templates, and review the recorded spam incident before allowing any outbound messaging.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent with operational tools could take a service offline during an emergency it judges on its own.
This permits service monitoring, emergency alerts, and service shutdown when the operator is unresponsive, but the artifact does not define which services, exact triggers, rollback, or approval controls.
Operator unresponsive for 6 hours or more: - **Allowed**: service monitoring, sending emergency alerts, stopping services
Require an explicit runbook, named services, human approval or break-glass token, rollback steps, and logging before any service-stop action is allowed.
A mistaken, manipulated, or overconfident agent could persist changes that expand or preserve its own authority across future sessions.
The same persistent files that guide future autonomy are updated by the agent during self-review, with no artifact-backed requirement for operator-signed level changes.
Once a week, check the items below and then update `references/state.json` ... Is a level change needed? (include rationale) Record the results in `memory/autonomy-review-YYYY-MM-DD.md`.
Make autonomy state operator-controlled, require explicit human approval for level changes, and keep append-only logs separate from the permission source of truth.
If the agent already has account, deployment, or payment access, this policy could guide it to use those privileges.
The policy contemplates use of external accounts, deployment authority, and budget spending at higher levels. No credentials are bundled, and the current state has budgetLimit 0, so this is a permission-boundary note rather than evidence of credential misuse.
SNS/DM/email/deployment unrestricted, report afterward ... spending within pre-approved budget (ad spend, etc.)
Grant least-privilege accounts only, keep payment/deployment credentials unavailable by default, and enforce budgets and approvals outside the model instructions.
Messages from other agents could influence behavior unless their origin and authority are controlled elsewhere.
The skill allows inter-agent communication at L3 or higher and requires logging, but it does not define identity verification, trusted channels, or data boundaries.
Inter-agent communication requires L3 or higher; logging mandatory
Treat other-agent messages as untrusted unless authenticated, and define allowed channels, message formats, and logging requirements.
Outbound permissions have a documented history of spam-like misuse in this state file, even though the artifact also records a mitigation.
The bundled state transparently records a prior major viral-spam/flooding incident, which is relevant when evaluating whether to grant outbound communication autonomy.
"type": "중대", "desc": "MUPENG 바이럴 스팸 도배"
Review the incident and mitigation before enabling external sends; add rate limits, cooldowns, and explicit anti-spam checks.
