AI Harness Engineering

What to consider before installing: - Persistency and automatic runs: This skill is configured always: true and defines scheduled tasks (every 2 hours, weekly). That means it may run or be injected into sessions automatically without per-session opt-in. If you prefer to control when it runs, ask the publisher to remove always: true or disable cron schedules. - File writes to your home/workspace: The promote feature writes to ~/.qclaw/workspace (SOUL.md, AGENTS.md, TOOLS.md, MEMORY.md). Back up that directory first and review the promote.py logic; consider running promote operations only in dry-run mode until you trust the content. - Data sensitivity: The ledger stores user-provided text (wrong_answer, correct_answer, details). Those strings can be later injected into session context or appended to workspace files. If you or users sometimes paste credentials/secrets into conversations, this skill could persist them. Consider limiting who can trigger record_error, or sanitize logs before promoting. - Review and audit the code: The included scripts are readable and local — review promote.py, record_error.py, inject_summary.py, and pre_answer_check.py to verify they behave as you expect. In particular, check how 'suggested_target' is derived before it is used as a filename in promote_to_workspace to avoid unexpected file paths. - Least privilege: If you want the functionality but with lower risk, ask for these changes: remove always: true, make cron tasks optional (manual or admin-enabled), restrict promote targets to a single controlled directory, and add input sanitization and size limits to ledger entries. Overall: the skill is coherent with its stated purpose (not overtly malicious) but the combination of always: true, automatic scheduling, and ability to write into the user's workspace/home makes it higher risk than a read-only helper. Review and possibly harden policies before enabling it in production accounts.