Goal Command

Security checks across malware telemetry and agentic risk

Overview

Goal Command appears aligned with its stated purpose, but it intentionally makes `/goal` keep the agent working and writes persistent notes, so users should invoke and configure it deliberately.

Install this if you want `/goal` to be an execution-oriented workflow, not just a planner. Keep goals scoped, review approvals for any destructive or external actions, choose the Obsidian sync path carefully, and remember that run files may persist goal text and session metadata.

VirusTotal

No VirusTotal findings


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI01: Agent Goal Hijack (Severity: Low)

What this means

When `/goal` is used, the agent is encouraged to keep executing the objective instead of merely planning or asking whether to continue.

Why it was flagged

This shows the skill intentionally injects instructions that change how the agent proceeds and when it should stop. It is disclosed and central to the `/goal` feature, but users should understand the behavior-control effect.

Skill content

The injected prompt then tells the agent: `EXECUTION_READY` means execute now, not explain; do not stop after creating a plan; update status to `DONE`, `BLOCKED`, or `FAILED`.

Recommendation

Use `/goal` only for objectives you are ready for the agent to actively pursue, and continue reviewing any normal approval prompts for high-impact actions.

ASI02: Tool Misuse and Exploitation (Severity: Low)

What this means

A configured sync location may receive new or updated goal/project notes, including outside the agent workspace if an absolute path is used.

Why it was flagged

The skill can create or update markdown files outside the default workspace if the user configures an absolute Obsidian root. This is disclosed and purpose-aligned, but it expands the file-write location.

Skill content

`/goal sync` writes markdown project/goal notes under the configured Obsidian root. `obsidianRoot` may be workspace-relative or an absolute path.

Recommendation

Choose a scoped, private Obsidian directory and review or back up important notes before using `/goal sync`.

ASI06: Memory and Context Poisoning (Severity: Low)

What this means

Goal text, run state, and session-related metadata may remain in local files and may be visible to anyone or any sync tool with access to the configured folders.

Why it was flagged

The visible code persists channel and session metadata in the run status file, making the run directory a durable context store rather than only transient command output.

Skill content

Excerpt from the template string that writes the run status file: `- channel: ${ctx.channel}\n- sessionKey: ${ctx.sessionKey || "unknown"}\n`

Recommendation

Avoid putting secrets in goal text, keep the notes directory private, and delete old run directories if you do not want this context retained.