ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Proactive Agent Lite 1.0.0

v1.0.0

Transform AI agents from task-followers into proactive partners with memory architecture, reverse prompting, and self-healing patterns. Lightweight version f...

0· 356·18 current·20 all-time
by@terryren2024
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, README and SKILL.md are coherent: a proactive-behavior instruction-only skill reasonably requires no binaries, env vars, or install steps. Nothing requested contradicts the stated purpose.
!
Instruction Scope
SKILL.md is purely conceptual and contains no concrete runtime commands, file paths, or declared data sources. However it repeatedly promises autonomous behaviors (memory compaction/flush, continuous learning, self-diagnosis and automatic fixes) and states the agent will "automatically begin exhibiting proactive behavior" after install. That language is vague and grants broad discretion to the agent; it effectively authorizes unspecified data collection, state changes, or actions unless additional constraints exist elsewhere.
Install Mechanism
Instruction-only skill with no install spec and no code files. No files are downloaded or written by an installer, so there is no install-time code-execution risk in the package itself.
Credentials
No required environment variables, binaries, or config paths are declared. The skill does not request credentials or additional access in its metadata.
Persistence & Privilege
always:false (normal) and model invocation is enabled (default). Autonomous invocation combined with the SKILL.md's broad, underspecified authority increases potential blast radius if the agent is allowed to act without explicit approvals. The package itself does not request persistent installs or write other skills' configs.
What to consider before installing
This skill appears to be what it claims on the surface, but its runtime instructions are intentionally vague and allow the agent wide latitude to act ("self-healing", "continuous learning", "automatically begins exhibiting proactive behavior"). Before installing: 1) Ask the maintainer to provide concrete details of what the skill will read, store, or change (which files, logs, or external endpoints, and what triggers automatic actions). 2) Limit the agent's permissions and sensitive-data access (use least-privilege policies or sandboxed agents). 3) Test in a safe environment and monitor activity/logs for unexpected data access or outbound requests. 4) Prefer skills that declare exactly which env vars, files, or endpoints they use; if that information isn't available, treat autonomous behavior as higher risk and avoid enabling it in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk979tb5zsw8p5b38bqdwte6seh82zkrq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments