Heartbeat Tasks
WarnAudited by ClawScan on May 18, 2026.
Overview
The skill is coherent, but it asks the agent to run AI-driven crypto trades and change persistent memory/rule files on a schedule without clear approval or credential boundaries.
Install only if you intentionally want this agent to participate in heartbeat-driven trading and memory maintenance. Before use, disable automatic trade execution or require per-trade confirmation, define credential scopes and trade limits, restrict editable memory/rule files, and keep backups of MEMORY.md, trading_rules.md, and heartbeat-state.json.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could place financial trades based on scheduled AI decisions, potentially causing losses if the decision, market data, or rules are wrong.
The skill directs the agent to use AI decisions to execute crypto trades. Trading is a high-impact account action, and the artifact does not define explicit user approval, trade size limits, stop-loss boundaries, or rollback controls.
- [ ] 调用 AI 获取决策 - [ ] 应用规则验证(R001-R006) - [ ] 执行交易或记录 HOLD
Require explicit user confirmation for every trade, define hard limits, and make HOLD the default unless a user-approved trading policy is present.
If the agent has access to exchange credentials through the environment or another tool, this skill could use them without a clearly declared credential boundary.
Executing trades implies delegated exchange or brokerage account authority, but the supplied metadata declares no primary credential, required environment variables, or config paths to bound that authority.
- [ ] 获取当前行情(BTC/ETH/BNB) - [ ] 执行交易或记录 HOLD
Declare required trading credentials and scopes, restrict them to the intended exchange/account, and document exactly when the agent may use them.
Incorrect summaries or cleanup could delete useful context, preserve bad assumptions, or alter future trading behavior through persistent memory and rules.
The skill changes persistent memory and trading-rule files, and also cleans or archives memory, without clear review, path limits, backup, or recovery guidance.
- [ ] 提炼高价值记忆到 MEMORY.md - [ ] 归档旧记忆文件 (>30 天) - [ ] 清理重复/低质量记忆 - [ ] 更新 trading_rules.md
Require user review before deleting, archiving, or promoting memories and before updating trading_rules.md; keep backups and restrict the exact files the skill may edit.
The agent may provide minimal output while repeatedly performing stateful checks, so users might not see details of routine actions unless they ask.
The heartbeat design is purpose-aligned, but it encourages repeated quiet operation with persistent state tracking. No separate background scheduler is provided in the artifacts.
### 静默执行 - 无异常时回复 `HEARTBEAT_OK` - 有异常时详细说明问题和建议 ### 状态追踪 使用 `memory/heartbeat-state.json` 记录
Log each heartbeat action in a user-visible file and require explicit scheduling configuration rather than relying on silent autonomous behavior.