Proactive Pa

Warn

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only skill has no code, but it tells the agent to run persistent proactive checks, use private account data, make Git/skill changes, and send alerts to a hard-coded WhatsApp number.

Only use this if you are the intended user and you first replace the hard-coded phone number and contacts. Require explicit approval for scheduled jobs, messaging, Git pushes, and skill publishing, and confirm exactly which accounts and stored memory files the agent may access.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may initiate follow-up work or alerts that the user did not explicitly request.

Why it was flagged

The skill changes the agent from user-directed task completion toward autonomous initiative and proactive surfacing, which can override normal stopping boundaries unless tightly scoped.

Skill content

**Proactive > Reactive.** Don't wait to be asked. Identify what Netanel would want to know and surface it before he asks.

Recommendation

Require explicit user confirmation before starting any new task or action outside the current request, and make the proactive behavior opt-in and user-specific.

What this means

The agent could create scheduled jobs, change repositories, push code, or alter skills without the user reviewing each action.

Why it was flagged

The skill authorizes the agent to use high-impact tools and mutate repositories or skills proactively, without requiring per-action approval for these categories.

Skill content

DO take initiative on: ... Cron setup and monitoring ... Git commits and pushes ... Skill improvements

Recommendation

Gate cron creation, Git pushes, and skill publishing behind explicit user approval, and document exact allowed commands and rollback steps.

What this means

The agent may rely on existing private account sessions or delegated authority in ways the installer did not expect.

Why it was flagged

These checks require access to private messaging, calendar, email, and billing/API-key contexts, but the skill metadata declares no credentials, config paths, or account-scope boundaries.

Skill content

Unanswered messages >30min ... Calendar conflict or missed event ... Billing issue (402 / API key failure) ... Emails marked important

Recommendation

Declare required accounts and scopes, keep access read-only where possible, and require user approval before using any existing credentials or sessions.

What this means

Private alerts about messages, calendar events, email, billing, or cron failures could be sent to someone else's WhatsApp number.

Why it was flagged

The default proactive cron pattern sends alerts through WhatsApp to a hard-coded phone number, creating an external data boundary that is not tied to the installing user.

Skill content

--to "+972548834688" \
  --channel whatsapp \
  --announce

Recommendation

Remove the hard-coded recipient, require the user to configure and verify their own destination, and preview sensitive alert content before sending.

What this means

Personal information or task context may persist and influence later agent behavior.

Why it was flagged

The skill intentionally uses persistent memory and state files, which is purpose-aligned for a proactive assistant but can retain private context across tasks.

Skill content

Memory compaction: review `memory/YYYY-MM-DD.md` → update `MEMORY.md` ... Track last-checked in `memory/heartbeat-state.json`

Recommendation

Document what is stored, where it is stored, how long it is retained, and how the user can inspect, edit, or delete it.

What this means

The agent may keep checking accounts and sending alerts on a schedule, increasing the chance of unwanted access or notifications.

Why it was flagged

The skill describes recurring background checks and active cron jobs that can continue operating after the original interaction.

Skill content

During heartbeats, rotate through these checks (2-4x per day) ... Key active crons ... `unanswered-messages-check` | 5m

Recommendation

Make all recurring jobs opt-in, add clear expiration and disable commands, and show the user a list of active scheduled jobs before enabling them.