ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Temp Agent Autonomy Kit

Stop waiting for prompts. Keep working.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 82 · 0 current installs · 0 all-time installs
by@ayakolin
fork of @ryancampbell/agent-autonomy-kit (based on 1.0.0)
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (make agents proactive) align with everything in SKILL.md and README: creating task queues, replacing passive heartbeats with proactive work, cron jobs, and team channels are all coherent features for an autonomy kit. The skill does not request unrelated binaries, env vars, or installs.
!
Instruction Scope
Instructions are intentionally broad: 'do meaningful work', 'use remaining time', frequent heartbeats, and cron jobs give the agent wide discretion about what it does during each run. The skill references reading and writing memory files and posting to team channels (Discord/Slack) — actions that could transmit sensitive material. The SKILL.md does not define strict limits, approval gates, or exactly what kinds of data the agent may access or share.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing will be written or executed on install by the skill itself. Low install risk.
Credentials
The skill does not request environment variables or credentials itself. However, it instructs integration with team channels (Discord/Slack) and suggests using platform cron features; those integrations will require credentials outside the skill. Users should ensure any channel tokens or webhooks granted have minimal scopes and are not shared unnecessarily.
Persistence & Privilege
The skill does not set always: true and is user-invocable only. However, it explicitly recommends cron jobs and frequent autonomous heartbeats, which increase runtime persistence and blast radius. Autonomous invocation is platform-default, so the main issue is the combination of continuous schedules + open-ended work instructions rather than a metadata privilege flag.
What to consider before installing
This kit is coherent for making agents proactive, but it grants broad operational freedom. Before installing: (1) limit heartbeat frequency and token budget (e.g., longer intervals, strict run-time token caps); (2) require explicit human approval for tasks that access sensitive files or external systems; (3) scope any channel/webhook credentials tightly (create service accounts or webhooks with minimal permissions); (4) restrict which filesystem paths the agent may read/write (avoid exposing entire memory/drive); (5) audit logs and alerts for automated bursts of activity; and (6) test in an isolated session first. If you need more assurance, ask the author to add explicit safety gates (task categories that require human confirmation, token/cost safeguards, and an allowlist of accessible files and channels).

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97a3kjmpk8q932pfhw6sg57ph8350s0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🚀 Clawdis

SKILL.md

Agent Autonomy Kit

Transform your agent from reactive to proactive.

Quick Start

  1. Create tasks/QUEUE.md with Ready/In Progress/Blocked/Done sections
  2. Update HEARTBEAT.md to pull from queue and do work
  3. Set up cron jobs for overnight work and daily reports
  4. Watch work happen without prompting

Key Concepts

  • Task Queue — Always have work ready
  • Proactive Heartbeat — Do work, don't just check
  • Continuous Operation — Work until limits hit

See README.md for full documentation.

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…