Context-Aware Delegation (SmartBeat)
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is transparent about its purpose, but it teaches background sessions to read your main chat history, memory, email/calendar context, and send reports, which needs careful review and tight limits.
Use this only if you are comfortable with background agents reading your main conversation history and memory. Before enabling examples, restrict history limits, avoid sensitive session keys, constrain tools, require approval for outbound messages or account actions, and audit any cron jobs or spawned sessions you create.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private conversation details, decisions, or secrets from your main session could be reused by scheduled jobs or sub-agents and potentially included in generated reports.
The skill's core workflow moves main-session conversation history into isolated sessions. That is disclosed and purpose-aligned, but it can expose private chat context to background tasks without artifact-defined redaction, retention, or approval controls.
Use `sessions_history` to give isolated sessions full awareness of what happened in your main chat
Use narrow session keys and low history limits, avoid storing secrets in chat/memory, redact sensitive context, and require review before background tasks send or act on retrieved history.
A background session could read account data or send messages based on retrieved context without the same interactive review a main chat would receive.
The skill encourages isolated sessions with broad tool access, then shows workflows that check email/calendar and send messages. Broad tool use from automated context-aware sessions is high-impact unless the user constrains tools and approvals.
Your isolated session now has: ... ✅ Full tool access
Limit which tools isolated sessions can use, prefer read-only email/calendar access, and require explicit approval before sending messages, emails, modifying files, or taking account actions.
If configured, the task can keep running on a schedule and repeatedly access conversation history or other tools.
The artifact documents a recurring isolated-session cron job. This is not hidden or automatically installed, but users should recognize it as persistent background automation.
"schedule": { "kind": "cron", "expr": "0 8 * * *" }, "sessionTarget": "isolated"Only install cron examples you understand, track where they are registered, set clear stop conditions, and remove or disable them when no longer needed.
If you connect email or calendar tools, the background report may access sensitive account data.
The example relies on other account-integrated skills for email and calendar access. That is expected for a morning report, but it means the workflow may use delegated account privileges.
Check email:\n Use gog or himalaya skill\n\n5. Check calendar:\n Use gog skill for today's events
Use least-privilege credentials, confirm which accounts are connected, and avoid granting write/send permissions unless they are required.