Agent Builder
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: agent-builder Version: 1.0.0 The OpenClaw AgentSkills bundle is designed to help an AI agent build and iterate on other OpenClaw agents' configurations. The `SKILL.md` instructions guide the agent through an interview process and then to generate or modify standard OpenClaw workspace files (`SOUL.md`, `AGENTS.md`, etc.). The included reference files (`references/openclaw-workspace.md`, `references/templates.md`) explicitly promote security best practices, such as not storing secrets in the workspace and including guardrails (e.g., 'ask before destructive actions') in generated agent configurations. There is no evidence of prompt injection, data exfiltration, malicious execution, or any other harmful behavior directed at the executing agent or the user.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user chooses a high-autonomy generated agent, that future agent may take more initiative with available tools or channels.
The skill explicitly helps users choose an autonomy model for a future agent, including a broad-autonomy option. This is disclosed and paired with guardrail generation, but users should review it carefully.
Autonomy level: ... Operator (non-destructive ok; ask before destructive/external) ... Autopilot (broad autonomy; higher risk)
Start with Advisor or Operator mode unless broad autonomy is truly needed, and keep explicit approval rules for destructive actions and outbound messages.
Future agents may use saved notes to influence later responses, and sensitive information could persist if the user stores it there.
The generated agent templates can persist and reread user preferences, decisions, and session notes. The template limits MEMORY.md to private sessions, but persistent memory still deserves user review.
In private main sessions only: read `MEMORY.md` if present. ... Daily log: `memory/YYYY-MM-DD.md` ... Long-term: `MEMORY.md` (decisions, preferences, durable facts)
Keep memory entries minimal, avoid secrets, and periodically review or prune MEMORY.md and daily logs.
If heartbeats are enabled, a generated agent may perform periodic checks according to HEARTBEAT.md.
The workspace reference supports heartbeat-based periodic behavior. It is disclosed, optional, and cautioned, but it can make a generated agent act outside a direct chat turn.
Default heartbeat prompt: `Read HEARTBEAT.md if it exists ... Follow it strictly.` ... `Heartbeats burn tokens; enable only once you trust the agent.`
Leave HEARTBEAT.md empty by default and only add small, explicit checklist items after reviewing the generated agent's behavior.