Architecture

Name: proactivity
Author: ivangdavila

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

15Low

This skill reads agent configuration files, potentially exposing sensitive operational

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

Architecture: Proactive state lives in `~/proactivity/` and separates durable boundaries from active work. If that folder is missing or empty, run `setup.md`.

Actually does

This skill creates and manages a local directory `~/proactivity/` containing various `.md` files for state, memory, logs, and patterns. It can read workspace configuration files like `AGENTS.md`, `TOOLS.md`, `SOUL.md`, and `HEARTBEAT.md` for integration with user consent. It explicitly states it does not require network access and will not edit files outside `~/proactivity/` or perform external actions without explicit user approval and showing proposed changes.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction1 finding

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Nameivangdavila/proactivity

Registryclawhub

Version1.0.1

PURLpkg:clawhub/ivangdavila/proactivity@1.0.1

Stars21

Downloads15,632

Installs140

Source

Repository ↗

SHA-2562ebb2ca0988d...

SHA-14af616c83e34...

MD5a3acd64c7197...

TLSH68d1d817ed28...

ssdeep192:7cZzmh6y...

Size6,239 bytes

Install

OpenClawDocs

https://clawhub.ai/ivangdavila/proactivity

15,632 downloads140 installs

ClawHubDocs

openclaw skills install ivangdavila/proactivity

Assessments (1)

AI Agent Traps ↗

Reconnaissance of Agent Configuration Fileslowreconnaissance

The skill is designed to read agent configuration files (`AGENTS.md`, `TOOLS.md`, `SOUL.md`, `HEARTBEAT.md`) for workspace integration. This capability could be leveraged by an attacker to gather sensitive operational details or API keys if the agent is compromised or instructed to process this data.

90% confidenceline 121

metadata: {"clawdbot":{"requires":{"bins":[]},"configPaths.optional":["./AGENTS.md","./TOOLS.md","./SOUL.md","./HEARTBEAT.md"]}}
It may read workspace behavior files such as AGENTS, TOOLS, SOUL, and HEARTBEAT only if the user wants workspace integration.

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/ivangdavila/proactivity.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/ivangdavila/proactivity)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/ivangdavila/proactivity"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/ivangdavila/proactivity.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/ivangdavila/proactivity.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow