ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Autonomy Kit.Skip

Stop waiting for prompts. Keep working.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 83 · 0 current installs · 0 all-time installs
by@ayakolin
fork of @ryancampbell/agent-autonomy-kit (based on 1.0.0)
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (proactive autonomy) align with the SKILL.md and README: reading a task queue, changing heartbeat behavior, scheduling cron jobs and coordinating via team channels is coherent with the stated purpose.
!
Instruction Scope
Runtime instructions explicitly tell agents to read and update local files (tasks/QUEUE.md, memory/YYYY-MM-DD.md), post to team channels (Discord/Slack), spawn/team agents, and create cron jobs that run unattended. These are powerful operations and the SKILL.md gives broad discretion ("Do meaningful work", "Pick the highest-priority task you can do") without concrete limits on what data can be read, modified, or transmitted.
Install Mechanism
Instruction-only skill (no install spec, no code files). Low install risk because nothing will be downloaded or written by the installer itself. All behavior comes from instructions the agent will follow at runtime.
!
Credentials
The docs instruct posting to Discord/Slack and using openclaw cron commands, and reference memory and agent configuration; yet the skill declares no required environment variables or credentials. That omission is risky: agent-to-channel posting and cron/session management will require tokens or platform permissions which are not documented here, creating a gap between required runtime access and declared requirements.
Persistence & Privilege
always:false (good). However the skill explicitly recommends creating cron jobs and persistent heartbeats that run autonomously (overnight cron entries, frequent heartbeats and spawn behaviors). Autonomous invocation plus scheduled jobs increases blast radius if agents are granted broad access — this is expected for an autonomy kit but users should treat it as a high-privilege configuration change.
What to consider before installing
This kit is coherent for turning an agent proactive, but it enables unattended, persistent activity and external communication. Before installing: 1) Audit what files and memory you will allow the agent to read/write (tasks/, memory/). 2) Require explicit credentials and least privilege for any external channels (Discord/Slack tokens, OpenClaw/cron permissions) and do not give channel posting rights to sensitive spaces. 3) Limit heartbeat frequency and token budgets, and add hard-stops/human confirmation for sensitive tasks (e.g., sending data externally, modifying infra, or spawning other agents). 4) Test in an isolated environment first and log all automated actions for review. If you cannot provide or control the necessary platform credentials and clear safety policies, do not enable the cron/continuous-run recommendations.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97cek0ea15pvrkzfvxdk7w5r1834aan

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🚀 Clawdis

SKILL.md

Agent Autonomy Kit

Transform your agent from reactive to proactive.

Quick Start

  1. Create tasks/QUEUE.md with Ready/In Progress/Blocked/Done sections
  2. Update HEARTBEAT.md to pull from queue and do work
  3. Set up cron jobs for overnight work and daily reports
  4. Watch work happen without prompting

Key Concepts

  • Task Queue — Always have work ready
  • Proactive Heartbeat — Do work, don't just check
  • Continuous Operation — Work until limits hit

See README.md for full documentation.

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…