Agent Development

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is instruction-only and on-topic, but it recommends broad, prompt-free permissions for custom agents that could let them edit files, run shell commands, and fetch from any domain without further review.

Use this skill as design guidance, but do not blindly copy the broad allowlist into global settings. Keep agent permissions narrow, review any persistent prompt or settings changes, and require approvals for file mutation, Bash, or broad network access unless a specific agent truly needs them.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If copied into a project, custom or background agents could modify files, run allowed shell commands, and fetch from any domain with fewer checkpoints than the user may expect.

Why it was flagged

The skill recommends broad file-write, shell, and network permissions while explicitly reducing approval prompts, rather than limiting agents to task-specific tools.

Skill content

permissions allow includes "Write", "Edit", "WebFetch(domain:*)" and "Bash(for *)"; the text says "This avoids permission prompts without limiting agent capabilities."

Recommendation

Use least-privilege tool lists per agent, avoid wildcard WebFetch unless truly needed, keep approvals for Bash/write actions where possible, and scope allowlists to specific projects and commands.

Note
High Confidence
ASI01: Agent Goal Hijack
What this means

Overly broad agent descriptions could make Claude delegate work automatically in more situations than intended.

Why it was flagged

The skill teaches forceful auto-delegation wording; this is purpose-aligned, but broad triggers can cause agents to run when the user did not specifically ask for them.

Skill content

description: "[Role] specialist. MUST BE USED when [specific triggers]. Use PROACTIVELY for [task category]."

Recommendation

Use narrow trigger conditions, avoid unconditional 'MUST BE USED' phrasing, and test when each custom agent activates.

What this means

Bad or overly specific instructions added during one session could affect future agent runs.

Why it was flagged

Persisting lessons into reusable prompts is central to the skill, but stored instructions can carry forward mistakes, untrusted directives, or sensitive details if not reviewed.

Skill content

Every improvement, fix, or pattern discovered during development must be encoded into the agent's prompt, not left as implicit knowledge.

Recommendation

Review prompt/template changes before saving them, keep secrets out of agent prompts, and remove temporary or untrusted instructions.