Joko Proactive Agent

The name/description (proactive, stateful agent) lines up with the artifacts: workspace files, WAL/working-buffer protocols, and a security-audit script. Nothing requests unrelated cloud credentials or external services. Note: AGENTS.md contains the phrase "Don't ask permission. Just do it." which conflicts with other guardrails and could escalate autonomous actions if followed.

The SKILL.md and assets instruct the agent to read/write many workspace files (SESSION-STATE.md, MEMORY.md, ONBOARDING.md, AGENTS.md, memory/ working-buffer), scan logs (tail /tmp/clawdbot/*.log), and check $HOME/.clawdbot/clawdbot.json. Reading and updating workspace files is expected, but tailing system/log paths and inspecting user home config is broader than a simple 'helper' and may expose sensitive context. There are also contradictory instructions across files: most files emphasize requiring human approval for external actions, but some statements (e.g., "Don't ask permission. Just do it.") remove that gate — this inconsistency is an operational risk.

No install spec and only one simple shell audit script included. There are no downloads or extract steps and no external packages being pulled in. Instruction-only skills + a local script minimize supply-chain risk compared with arbitrary remote installs.

The skill declares no required environment variables or credentials. The included security patterns and script check local .credentials and .gitignore; those checks are reasonable for a self-auditing agent and proportional to the stated purpose.

The skill does not request always:true and is user-invocable only. It instructs persistent behavior (writing SESSION-STATE.md, working buffers, memory files) which is consistent with a stateful agent. However, the mixed messaging about when to seek human approval could grant the agent broader autonomy in practice — combine this with the platform-default autonomous invocation and the agent could act without the explicit manual gating the user expects.