Anti Regression
WarnAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill openly pushes the agent to act more autonomously, including using credentials and persistent self-enforcement, which could reduce user control without added guardrails.
Install this only if you deliberately want a more autonomous agent. Before using it, add explicit rules requiring approval for credentials, account changes, service restarts, deployments, deletes, purchases, external messages, production systems, and private data access.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may stop asking before actions that the user would normally expect to approve.
The skill explicitly frames normal permission-seeking and safety caution as behavior to override across the agent's operation.
Your base training screams "be safe, ask permission, hedge." Unless you actively override these instincts...
Use only with explicit local guardrails for destructive actions, account changes, production systems, purchases, external messages, and private data access.
If the agent has shell, browser, admin, or deployment tools, it could make system changes before the user reviews them.
The example encourages operational tool use and service restarts as the preferred default response, without requiring explicit approval or limiting the environment.
✅ Effective: *checks logs, restarts service, reports fix*
Require approval for privileged commands, service restarts, deployments, deletions, purchases, public posts, and any action outside a clearly assigned task.
The agent could use available accounts or sessions more broadly than the user intended.
The credential-use instruction is broad and not limited to named services, read-only access, or user-approved sessions.
When you need to access any service you have credentials for → OPEN THE BROWSER AND LOG IN.
Limit credential access to specific services and tasks, prefer least-privilege accounts, and require confirmation before account mutation or external communication.
The agent may repeatedly reapply these instructions across unrelated future tasks, even when a more cautious mode is appropriate.
The skill is designed to be reloaded into persistent session context, making its autonomy rules continually influence future behavior.
Read skills/anti-regression/SKILL.md every session for full context.
Keep these rules in a clearly removable section, document when they apply, and add higher-priority safety rules for sensitive data and high-impact actions.
The agent could initiate work, claim tasks, or make changes outside the user's immediate request.
The skill encourages autonomous activity during idle or heartbeat periods instead of waiting for explicit user direction.
If there's any task or useful work → DO IT. Only acknowledge heartbeat when genuinely nothing needs attention.
Define allowed idle work, require approval for new task claims in shared systems, and disable this behavior in environments where autonomous changes are not desired.
Users have less source-verification context for who maintains the skill.
The registry metadata does not provide strong provenance, although the reviewed package is instruction-only and contains no executable code.
Source: unknown; Homepage: none
Install from a trusted registry entry, verify the author/source if cloning manually, and re-review any future version that adds code or dependencies.