Transform AI agents from task-followers into proactive partners that anticipate needs and continuously improve. Now with WAL Protocol, Working Buffer, Autonomous Crons, and battle-tested patterns. Part of the Hal Stack
Security
High Risk
Quality
Watch · 64
Install
manual only
Audit version
audit-standard-v2
Source metrics come from upstream registries/repositories. Platform metrics come from user actions on SkillTrust and are protected by dedupe/rate-limit anti-abuse rules.
Transform AI agents from task-followers into proactive partners that anticipate needs and continuously improve. Now with WAL Protocol, Working Buffer, Autonomous Crons, and battle-tested patterns. Part of the Hal Stack 🦞 The skill largely matches its stated purpose (proactive agent patterns and local memory management) but contains internal contradictions and instructions that could encourage an agent to act without clear user approval — worth reviewing before installing. What to consider before installing: - The skill is mostly an instruction/manual for running a proactive agent and includes a safe local security-audit script; there is no remote installer or downloads, so install risk is low. - However the docs contain conflicting guidance: some places urge 'don't ask permission / ask forgiveness' while others insist 'nothing external without approval.' That ambiguity could cause an autonomous agent to take actions (especially external actions) without explicit user consent if it has network/tool access. Consider this the main red flag. - Practical steps before installing: 1) Run the included ./scripts/security-audit.sh in a sandboxed copy of your workspace to see what it reports. 2) Inspect .credentials and any files the skill mentions (AGENTS.md, TOOLS.md, ONBOARDING.md) and adjust wording like 'Don't ask permission' to strict gating if you will allow autonomous actions. 3) Ensure runtime policies prevent unwanted outbound network access or automatic sending of data (or deny the agent tool/network permissions until you trust its behavior). 4) If you plan to let the agent use external tools, explicitly supply only the minimal credentials it needs and ensure .credentials is properly protected and gitignored. If you want, I can generate a short patch that removes or clarifies the ambiguous 'don't ask permission' directives and adds a firm gating step before any external action.
• Add explicit When to Use / Guidelines sections.
• Provide at least one concrete input-output example.
• Publish versioned changelog and update cadence.
• Document compatibility and breaking-change policy.
• Expand capability limits and boundary conditions.
Is this a security certification?
No. SkillTrust audit is advisory and should be combined with your own review controls.
Can I install directly from this page?
No one-click install is provided. Use command guidance and run in your controlled environment.
Added: Autonomous vs Prompted Crons, Verify Implementation Not Intent, Tool Migration Checklist
Official source did not expose a direct install command.
Open official docsInstall method: instruction-only
Quick install
Quick preflight
Read source docs and verify prerequisites manually.Preflight checks
Post-install signal
Installed successfully? Send an activation signal to improve ranking quality over time.
Audit score 60 / 100. Risk guidance is advisory only; review evidence before install.
• Add troubleshooting and FAQ for common failures.
• Improve discoverability through verified source channels.
• Publish usage examples to increase activation quality.
• Reduce shell/file/network scope and document least privilege.
• Expose explicit provenance, dependency pinning, and security notes.
• Provide structured install + rollback steps for each supported agent.
• Mark official/verified status and keep metadata timestamps fresh.
Moderately fresh; review release notes before install.
Audit guidance: 60 / 100 · high
Scores with similar values can still differ in confidence; use evidence and risk lines below for final install judgment.
Risk 60 · Δ +0 · Findings 5
Apr 2, 2026 · auto
Latest high risk result from audit-standard-v2.