This skill reads agent configuration files, potentially exposing sensitive operational
Claims to do
Architecture: Proactive state lives in `~/proactivity/` and separates durable boundaries from active work. If that folder is missing or empty, run `setup.md`.
Actually does
This skill creates and manages a local directory `~/proactivity/` containing various `.md` files for state, memory, logs, and patterns. It can read workspace configuration files like `AGENTS.md`, `TOOLS.md`, `SOUL.md`, and `HEARTBEAT.md` for integration with user consent. It explicitly states it does not require network access and will not edit files outside `~/proactivity/` or perform external actions without explicit user approval and showing proposed changes.
openclaw skills install ivangdavila/proactivityThe skill is designed to read agent configuration files (`AGENTS.md`, `TOOLS.md`, `SOUL.md`, `HEARTBEAT.md`) for workspace integration. This capability could be leveraged by an attacker to gather sensitive operational details or API keys if the agent is compromised or instructed to process this data.
metadata: {"clawdbot":{"requires":{"bins":[]},"configPaths.optional":["./AGENTS.md","./TOOLS.md","./SOUL.md","./HEARTBEAT.md"]}}
It may read workspace behavior files such as AGENTS, TOOLS, SOUL, and HEARTBEAT only if the user wants workspace integration.[](https://mondoo.com/ai-agent-security/skills/clawhub/ivangdavila/proactivity)<a href="https://mondoo.com/ai-agent-security/skills/clawhub/ivangdavila/proactivity"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/ivangdavila/proactivity.svg" alt="Mondoo Skill Check" /></a>https://mondoo.com/ai-agent-security/api/badge/clawhub/ivangdavila/proactivity.svgSkills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.