Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Proactive Agent
v1.0.0
Transform AI agents from task-followers into proactive partners that anticipate needs and continuously improve. Now with WAL Protocol, Working Buffer, Autono...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (proactive, self-improving agent) aligns with the included README, assets, and SKILL.md: the skill reads/writes workspace docs, maintains WAL/session files, and runs a local security audit. However assets/TOOLS.md and other docs reference storing API keys in ~/.openclaw/.env and tooling (Tavily, browser control), yet the registry metadata declares no required env vars or config paths. That mismatch is notable: the skill expects or documents use of external API keys/config outside the workspace without declaring them.
Instruction Scope
SKILL.md and the assets instruct the agent to scan every message, write SESSION-STATE.md, read many workspace files, run ./scripts/security-audit.sh, and perform web search/browser automation when configured. Most of this is coherent for a proactive agent, but there are contradictory guardrails across files: e.g., AGENTS.md says 'Don't ask permission. Just do it.' while other files insist 'Nothing external without approval.' The skill also references external services and local config (~/.openclaw/.env) which are outside the declared scope. These inconsistencies expand the agent's discretion and deserve human review.
Install Mechanism
No install spec and no downloads — instruction-only with a small shell audit script included. This is low-risk from an install/download standpoint (nothing pulled from the network or written to system locations by an installer), but running included scripts should still be reviewed before execution.
Credentials
The skill manifest lists no required credentials, but TOOLS.md explicitly documents storing API keys in ~/.openclaw/.env (TAVILYAPIKEY) and references browser automation and external search providers. That suggests the skill is designed to use secrets and external APIs if configured, yet it doesn't declare or ask for them. This gap increases the risk that the skill may be given access to local credential files or external services without the user being clearly informed.
Persistence & Privilege
The skill is not marked 'always: true' and is user-invocable; it writes/reads workspace files (normal for this class of skill) and includes no code that tries to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but does not appear combined with unusual persistent privileges.
What to consider before installing
This skill is mostly coherent with a 'proactive agent' design, but there are a few things to check before installing or running anything:
1) Inspect ~/.openclaw/.env and confirm it doesn't contain secrets you wouldn't want the skill to access; the TOOLS.md suggests keys may live there.
2) Review scripts/security-audit.sh and any other executable files locally (don't run them until you review).
3) Decide whether you are comfortable letting an agent read and write workspace files (SESSION-STATE.md, MEMORY.md, USER.md, etc.).
4) Clarify the contradictory guidance in the docs (some files say 'Don't ask permission. Just do it.' while others require approval before external actions).
5) If you will enable external APIs (Tavily or browser control), add only the minimal credentials and consider running the skill in an isolated workspace or container first.
6) Prefer getting a known source/repo or author verification (the registry lists an opaque owner) — if you cannot verify the origin, treat it as higher risk.
If you want, I can (a) produce a short checklist of exact lines to look for in the script(s) that would indicate network exfiltration, or (b) walk you through running the security-audit.sh safely in a disposable environment.
Like a lobster shell, security has layers — review code before you run it.
