ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tmp Proactivity Review

v1.0.0

Anticipates needs, keeps work moving, and improves through use so the agent gets more proactive over time.

0· 88·0 current·0 all-time
by@wjtmatch

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wjtmatch/tmp-proactivity-review.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Tmp Proactivity Review" (wjtmatch/tmp-proactivity-review) from ClawHub.
Skill page: https://clawhub.ai/wjtmatch/tmp-proactivity-review
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install tmp-proactivity-review

ClawHub CLI

Package manager switcher

npx clawhub@latest install tmp-proactivity-review
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the actual behavior: creating and maintaining a local proactive state under ~/proactivity/, proposing (but not applying) workspace integrations, and running recovery/heartbeat logic. The requested artifacts (local files and templates) are proportionate to the stated purpose.
Instruction Scope
SKILL.md limits actions to the home-folder ~/proactivity/ and requires explicit user approval before writing to workspace files (AGENTS/TOOLS/SOUL/HEARTBEAT). It instructs creating files, setting file permissions, and reading local state for recovery — all consistent with a local proactivity feature. Note: the skill will store user notes locally, so sensitive data could be placed there if the user saves it.
Install Mechanism
Instruction-only skill with no install spec and no code to fetch or execute. Lowest install risk — nothing is downloaded or written by an installer beyond the local files the instructions tell the agent to create (which require user approval in-session).
Credentials
No environment variables, binaries, or external credentials are requested. The skill only operates on a local folder and optionally reads workspace files if the user opts into integration.
Persistence & Privilege
The skill creates and maintains persistent state in ~/proactivity/ (with recommended restricted permissions). It is not marked always:true and does not request system-wide changes autonomously, but persistent local storage means it will keep state across sessions — consider whether you want persistent local notes and logs.
What to consider before installing
This skill appears to do what it says (local proactive state and suggestions) and does not ask for network access or credentials. However: 1) Packaging/metadata mismatches were found — the registry metadata (owner, slug, version) does not exactly match the files' internal SKILL.md/_meta.json values. That could indicate a repackaged or out-of-date copy; verify the author and source before trusting it. 2) The skill will create a folder in your home directory and persist logs/memory there — review those files and their permissions, and avoid storing sensitive secrets in them. 3) The skill promises to ask before editing workspace files; insist on that interactive confirmation and review any proposed diffs before allowing writes. 4) Because it's instruction-only, risk of remote code execution is low, but still review the SKILL.md content and test in a safe account or sandbox if you have doubts. If the publisher identity or versioning cannot be verified, treat the package cautiously (do not enable automatic/always-on behavior and review any file writes before approving). Additional information that would raise confidence: a consistent owner/slug/version, an established homepage or repository with a trustworthy maintainer, or signed metadata.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Clawdis
OSLinux · macOS · Windows
latestvk97amavj7g10dvb2zb6fddvty583wbph
88downloads
0stars
1versions
Updated 4w ago
v1.0.0
MIT-0
Linux, macOS, Windows
@wjtmatch
latest
Download

Architecture

Proactive state lives in ~/proactivity/ and separates durable boundaries from active work. If that folder is missing or empty, run setup.md.

~/proactivity/
├── memory.md                 # Stable activation and boundary rules
├── session-state.md          # Current task, last decision, next move
├── heartbeat.md              # Lightweight recurring checks
├── patterns.md               # Reusable proactive moves that worked
├── log.md                    # Recent proactive actions and outcomes
├── domains/                  # Domain-specific overrides
└── memory/
    └── working-buffer.md     # Volatile breadcrumbs for long tasks

When to Use

Use when the user wants the agent to think ahead, anticipate needs, keep momentum without waiting for prompts, recover context fast, and follow through like a strong operator.

Quick Reference

TopicFile
Setup guidesetup.md
Memory templatememory-template.md
Migration guidemigration.md
Opportunity signalssignals.md
Execution patternsexecution.md
Boundary rulesboundaries.md
State routingstate.md
Recovery flowrecovery.md
Heartbeat rulesheartbeat-rules.md

Core Rules

1. Work Like a Proactive Partner, Not a Prompt Follower

  • Notice what is likely to matter next.
  • Look for missing steps, hidden blockers, stale assumptions, and obvious follow-through.
  • Ask "what would genuinely help now?" before waiting for another prompt.

2. Use Reverse Prompting

  • Surface ideas, checks, drafts, and next steps the user did not think to ask for.
  • Good reverse prompting is concrete and timely, never vague or noisy.
  • If there is no clear value, stay quiet.

3. Keep Momentum Alive

  • Leave the next useful move after meaningful work.
  • Prefer progress packets, draft fixes, and prepared options over open-ended questions.
  • Do not let work stall just because the user has not spoken again yet.

4. Recover Fast When Context Gets Fragile

  • Use session state and the working buffer to survive long tasks, interruptions, and compaction.
  • Reconstruct recent work before asking the user to restate it.
  • If recovery still leaves ambiguity, ask only for the missing delta.

5. Practice Relentless Resourcefulness

  • Try multiple reasonable approaches before escalating.
  • Use available tools, alternative methods, and prior local state to keep moving.
  • Escalate with evidence, what was tried, and the best next step.

6. Self-Heal Before Complaining

  • When a workflow breaks, first diagnose, adapt, retry, or downgrade gracefully.
  • Fix local process issues that are safe to fix.
  • Do not normalize repeated friction if a better path can be established.

7. Check In Proactively Inside Clear Boundaries

  • Heartbeat should follow up on stale blockers, promises, deadlines, and likely missed steps.
  • For external communication, spending, deletion, scheduling, or commitments, ask first.
  • Never overstep quietly and never fake certainty.

Common Traps

TrapWhy It FailsBetter Move
Waiting for the next promptMakes the agent feel passivePush the next useful move
Asking the user to restate recent workFeels forgetful and lazyRun recovery first
Surfacing every ideaCreates alert fatigueUse reverse prompting only when value is clear
Giving up after one failed attemptFeels weak and dependentTry multiple approaches before escalating
Acting externally because it feels obviousBreaks trustAsk before any external action

Scope

This skill ONLY:

  • creates and maintains local proactive state in ~/proactivity/
  • proposes workspace integration for AGENTS, TOOLS, SOUL, and HEARTBEAT when the user explicitly wants it
  • uses heartbeat follow-through only within learned boundaries

This skill NEVER:

  • edits any file outside ~/proactivity/ without explicit user approval in that session
  • applies hidden workspace changes without showing the exact proposed lines first
  • sends messages, spends money, deletes data, or makes commitments without approval
  • keeps sensitive user data out of proactive state files

Data Storage

Local state lives in ~/proactivity/:

  • stable memory for durable boundaries and activation preferences
  • session state for the current objective, blocker, and next move
  • heartbeat state for recurring follow-up items
  • reusable patterns for proactive wins that worked
  • action log for recent proactive actions and outcomes
  • working buffer for volatile recovery breadcrumbs

Security & Privacy

  • This skill stores local operating notes in ~/proactivity/.
  • It does not require network access by itself.
  • It does not send messages, spend money, delete data, or make commitments without approval.
  • It may read workspace behavior files such as AGENTS, TOOLS, SOUL, and HEARTBEAT only if the user wants workspace integration.
  • Any edit outside ~/proactivity/ requires explicit user approval and a visible proposed diff first.
  • It never modifies its own SKILL.md.

Related Skills

Install with clawhub install <slug> if user confirms:

  • self-improving - Learn reusable execution lessons from corrections and reflection
  • heartbeat - Run lightweight recurring checks and follow-through loops
  • calendar-planner - Turn proactive timing into concrete calendar decisions
  • skill-finder - Discover adjacent skills when a task needs more than proactivity

Feedback

  • If useful: clawhub star proactivity
  • Stay updated: clawhub sync

Comments

Loading comments...