AI Harness Engineering
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or malicious correction could be saved and reused later, affecting future answers even when the user did not ask for that context.
Saved ledger content is automatically reintroduced into future session context and answer generation, so incorrect or adversarially phrased feedback could persistently influence the agent.
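Error summary injection: at session start, automatically read the error ledger summary and inject it into the context ... Pre-answer self-check: automatically query the error ledger before every answer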
Require explicit user approval before injecting ledger content into context, quote/sanitize saved user text, and provide a clear way to review, edit, or disable stored lessons.
The skill can modify core behavior or memory files, making logged lessons persistent rules for the agent.
The script appends learned details into global workspace files that can shape agent behavior, not just into the skill's own ledger.
workspace = Path.home() / ".qclaw" / "workspace" ... entry += f"**详情**: {details}\n\n" ... target_path.write_text(existing, encoding='utf-8')
Make promotion a manual or dry-run-first workflow, require confirmation before writing SOUL.md/AGENTS.md/TOOLS.md/MEMORY.md, and keep backups or rollback support.
Background tasks may keep changing persistent agent state after the original conversation has ended.
The skill declares always-on behavior and a recurring task that can automatically promote stored learnings without a direct user request at that time.
always: true ... auto_promote: schedule: "every 2h" ... task: "python3 {SKILL_DIR}/scripts/promote.py --action auto_promote"
Disable automatic cron promotion by default, make scheduled jobs opt-in, and notify the user before any background task changes workspace files.
