Use when user wants to execute long-running tasks that require multiple sessions to complete. This skill manages task decomposition, progress tracking, and a...
Security Analysis
medium confidenceThe skill's behavior mostly matches its stated goal (managing long-running tasks and modifying a project), but it instructs the Claude CLI to run with an explicit permission-bypass flag and will autonomously read and modify repository files — this is a disproportionate privilege that deserves scrutiny.
The skill's files and runtime instructions (creating .autonomous/<task>/, generating task_list.md/progress.md, running Initializer/Executor sessions, and updating project files) are consistent with a long-running autonomous task executor. It expects the 'claude' CLI to be available (used to drive the agent). Nothing else (env vars, unrelated binaries) is requested. Note: relying on the local 'claude' CLI means it will implicitly use whatever credentials/config the user has for that tool, which is not declared but is expected for this purpose.
The SKILL.md and templates instruct the agent to read repository state (ls, cat, git log), run builds/tests, commit changes, and modify project files beyond the .autonomous task-tracking folder. Critically, the run scripts call claude with '--permission-mode bypassPermissions' (and the SKILL.md describes 'auto-continuation' for unlimited sessions). Instructing the model to run with a permissions bypass and to autonomously continue sessions broadens what the skill can do well beyond simple task-tracking and could enable sustained modification of the user's workspace without additional explicit consent.
No install spec; only an included shell script and templates. No remote downloads or package installs are specified. This is low install risk.
The manifest declares no required environment variables or credentials, which aligns with the files. However, the runtime requires a 'claude' CLI binary (checked at runtime) that will use the user's existing Claude credentials/config. That implicit dependency on the user's LLM credentials is proportional to the feature but should be noted: the skill will act using those creds via the local CLI, and the script requests a bypass of permission controls when invoking it.
The skill is not marked 'always:true', and model invocation is allowed (default). However, the combination of (a) autonomous auto-continuation loops, (b) repeated headless invocations, and (c) explicit use of '--permission-mode bypassPermissions' increases the blast radius: an autonomous agent could repeatedly modify project files, run builds/tests, and commit changes without further user prompts. This elevated runtime privilege is the primary concern.
Guidance
What to consider before installing or running this skill: - The skill will create a .autonomous/<task>/ directory and will read and modify both those tracking files and your project files (it explicitly recommends running builds, tests, and git commits). If you run it in a real project, expect it to change source files and commit them. - The run script invokes the 'claude' CLI with a permission-bypass flag (--permission-mode bypassPermissions). That bypass is the key risk: it asks the local Claude client to ignore normal permission controls so the agent can act autonomously. Ask yourself whether you trust any skill to operate without additional prompts. - Because the skill uses your local 'claude' CLI, it will act with whatever credentials/config the CLI is already using. There are no declared env vars, but credentials are implicitly used — consider running this only in a disposable environment or a non-production repository. - Recommendations before use: - Inspect and, if needed, remove or modify the '--permission-mode bypassPermissions' invocation so actions require explicit confirmation. - Run the script first in an isolated test repo (or a throwaway container) to observe behavior and ensure it doesn't touch anything sensitive. - Review and restrict filesystem location where the skill runs (avoid running at system root). The script validates task names to avoid path traversal, but you should still run in a controlled workspace. - Consider requiring manual confirmation before commits or disabling auto-continue (the script has flags for no-auto-continue / max-sessions; use them). - If you need higher assurance, request from the skill author an explanation why permission bypass is required and a version that operates without bypass or with an explicit confirmation step for file modifications. Confidence note: medium — the skill's files and instructions are coherent with an autonomous task-runner, but the explicit permission-bypass flag and autonomous continuation materially increase risk. Additional information (author rationale for bypassPermissions, details on how the platform enforces 'permission-mode', or a version of the skill without bypass) would raise or lower confidence.
Latest Release
v0.1.0
Initial release of autonomous-skill for multi-session long-running task management. - Enables execution of complex, multi-stage tasks across sessions with autonomous progress tracking. - Uses a dual-agent model (Initializer and Executor) to decompose tasks and drive progress. - Stores per-task data in `.autonomous/<task-name>/` for isolation and easy management. - Supports automatic continuation, reporting, and clear directory/task structure. - Triggered by phrases including "autonomous", "long-running task", and equivalents in Chinese.
More by @feiskyer
Published by @feiskyer on ClawHub
