ClawHub

Proactive Agent Lite

v1.0.0

Transform AI agents from task-followers into proactive partners with memory architecture, reverse prompting, and self-healing patterns. Lightweight version f...

53· 32.9k·392 current·414 all-time
by@bestrocky
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name and description promise memory architecture, long-term memory, self-healing, and automatic proactive behavior, but the skill supplies no code, no install steps, and no configuration or storage mechanism. Capabilities that imply persistence (long-term memory, pre-compaction flush) normally require explicit storage, config paths, or credentials; none are declared. That mismatch is unexplained.
!
Instruction Scope
SKILL.md is high-level and open-ended (e.g., "Simply install and the agent will automatically begin exhibiting proactive characteristics"). There are no concrete runtime steps, no guidance on what data may be read or written, and no limits on what 'proactive' actions mean. Vague, broad instructions grant the agent wide discretion and are a security/behavior risk.
Install Mechanism
This is an instruction-only skill with no install spec and no code files—lowest install risk. Nothing will be downloaded or written to disk by an installer as part of this package.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. That is proportionate to an instruction-only skill; however, because the skill claims long-term memory and stateful features, the lack of any declared storage/access mechanism is notable (see purpose_capability).
Persistence & Privilege
always:false and default autonomous invocation are fine, but the skill's vagueness about what it will do combined with autonomous ability means it could take unspecified actions at runtime. There is also no maintainer or homepage listed, so it's unclear who would be responsible for updates or data-handling policies.
What to consider before installing
This skill is unclear about how it implements the features it advertises. Before installing: 1) Ask the publisher for concrete implementation details — where (if anywhere) does it store memory, what endpoints are used, how are privacy and retention handled, and how can you opt out or delete stored data? 2) Request the actual runtime prompts/config the skill will inject into agents so you can audit them. 3) Prefer skills with a verifiable source, homepage, or maintainer contact; this one lists none. 4) If you still want to test it, run it in an isolated agent/environment and monitor all agent actions and any persistence (files, remote calls, logs). 5) Disable or tightly constrain autonomous actions until you understand the exact behavior. Providing those implementation details (code, storage/back-end, config schema, maintainer identity) would materially increase confidence; absent them, treat the skill as suspicious.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f3mawztk36djxgy7z42mf0s8211x6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments