deterministic-controller
PassAudited by ClawScan on May 1, 2026.
Overview
This is a transparent docs-only automation template; it is not malicious, but arming it gives OpenClaw recurring file-updating, subagent orchestration, and optional Telegram logging.
Before installing or arming this skill, review HEARTBEAT.md and ACTIVITIES.md, run MANUAL_RECONCILE first, keep cron and heartbeat disabled until you are ready, sanitize the listed memory/profile files, and enable Telegram logging only if you are comfortable with those status lines leaving the workspace.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When enabled, the agent may prioritize the controller contract over prior conversational context during heartbeat or poll cycles.
The template intentionally makes HEARTBEAT.md authoritative during triggered controller cycles, which is aligned with deterministic orchestration but can override normal session context if the user arms it.
This file defines the only valid control loop. Execute exactly as written. Do not use prior chat context.
Only arm the controller in a workspace/session where you want HEARTBEAT.md to govern behavior, and review that file before enabling scheduled runs.
After you enable automation, OpenClaw may dispatch worker agents and update project state on a schedule.
The skill documents autonomous subagent orchestration and retry/reassignment behavior. This is central to the controller purpose and capped, but it can start or reassign work without per-step human approval once armed.
Manager may run up to **2 concurrent subagents** for current sprint throughput ... Poll workers every 3 minutes and respawn/reassign if stalled.
Keep subagent concurrency and tool/model allowlists tight, dry-run manually first, and review queued steps before enabling cron or heartbeat.
If enabled, the controller can keep running periodically until you disable the cron job and heartbeat cadence.
The docs instruct the user to create persistent scheduled automation, but they clearly state it should be disabled by default and explicitly started by the operator.
Create a cron job ... schedule: every 3 minutes ... Leave it **disabled** until you explicitly start.
Leave the cron disabled until ready, use the documented disarm steps when stopping, and confirm heartbeat cadence is empty when automation should be off.
Private notes or persistent memory content could influence automated decisions if heartbeat mode is enabled.
Heartbeat mode may read persistent profile and memory files. That is disclosed and bounded to named files, but those files can contain sensitive or stale context.
`HEARTBEAT_TICK` (full context refresh): - `AGENTS.md`, `IDENTITY.md`, `USER.md`, `SOUL.md`, `MEMORY.md`, `memory/YYYY-MM-DD.md` ...
Remove secrets from the listed files, review memory content periodically, and use manual reconcile or poll-only mode if full context refresh is not needed.
Controller status lines may be visible in the configured Telegram group.
The controller can send control-plane logs to Telegram when the user configures a group ID. This egress is explicit and opt-in, but it moves operational data outside the local workspace.
Send via `message(action=send, channel="telegram", target="<TELEGRAM_GROUP_ID>", message="<LINE>")`.
Only configure Telegram logging if you want external logs, use an allowlisted/private group, and keep emitted log lines free of sensitive project details.