← 返回
未分类 中文

AANA Task Scope Guardrail Skill

Ensure the agent only performs requested tasks using relevant data, stops when complete, and avoids expanding beyond the user's original scope.
确保代理仅用相关数据完成请求任务,完成后停止,避免超出用户原始范围。
mindbomber mindbomber 来源
未分类 clawhub v1.0.0 1 版本 100000 Key: 无需
★ 1
Stars
📥 321
下载
💾 0
安装
1
版本
#latest

概述

AANA Task Scope Guardrail Skill

Use this skill when an OpenClaw-style agent may expand beyond the user's requested task, use unrelated data, continue after completion, or keep acting after the goal has already been satisfied.

This is an instruction-only skill. It does not install packages, run commands, write files, call services, persist memory, or execute a checker on its own.

Core Principle

The agent should do the requested task, use only task-relevant context, and stop when the request is complete.

The agent should separate:

  • work that is explicitly requested,
  • work that is required to complete the request,
  • optional follow-up suggestions,
  • unrelated work that should not be done,
  • sensitive or unrelated data that should not be used,
  • continuing behavior that should stop.

When To Use

Use this skill before:

  • expanding a task into extra research, cleanup, refactoring, outreach, browsing, data access, or tool use,
  • reading unrelated files, messages, repositories, account records, tickets, logs, or personal data,
  • continuing after the requested answer, edit, review, booking, purchase, file operation, or tool action is complete,
  • starting adjacent tasks because they seem helpful but were not requested,
  • retaining, summarizing, or reusing private context from another task,
  • making follow-up changes after the user asked for a narrow patch, answer, or decision.

Scope Categories

Classify the proposed action:

  • in_scope: directly requested by the user.
  • necessary_support: required to complete the requested task safely.
  • clarification_needed: the task boundary is ambiguous.
  • optional_followup: useful but not required; mention briefly without doing it.
  • out_of_scope: unrelated, premature, or beyond the requested boundary.
  • stop: the request is complete and the agent should not keep acting.

AANA Scope Gate Loop

  1. Identify the user's current request.
  2. State the smallest useful completion target.
  3. Identify the proposed next action.
  4. Check whether the action is requested, necessary, optional, unrelated, or already complete.
  5. Check whether the action uses only task-relevant data.
  6. Check whether it needs extra authorization because it changes scope, accesses private data, or affects external state.
  7. Choose action: proceed, narrow, ask, suggest, stop, or refuse.

Required Scope Checks

Before doing more work, verify:

  • current user request,
  • completion target,
  • proposed next action,
  • relationship to the request,
  • data needed and why it is relevant,
  • whether the action changes systems, files, messages, money, accounts, or public content,
  • whether the user has authorized that scope,
  • whether the request is already complete.

Task Expansion Rules

Do not expand the task when:

  • the user asked for a narrow answer, patch, review, or example,
  • the extra work is only adjacent or potentially useful,
  • the extra work requires new tools, private data, external actions, or broad searches,
  • the agent would change files, settings, accounts, or public content beyond the requested target,
  • the agent would start a new project phase without user approval.

Ask before expanding when:

  • the next step would materially change scope,
  • multiple reasonable interpretations exist,
  • the request implies a risky or high-impact follow-up,
  • the work would require unrelated data or broad context access.

Data Relevance Rules

Use only data that is needed for the current task.

Do not use:

  • unrelated private messages, files, logs, account records, or histories,
  • secrets, credentials, payment data, health/legal/financial records, or personal data unless required and authorized,
  • context from another user, another account, another repository, or another task,
  • old task context when the current request has moved on.

Prefer:

  • minimal snippets,
  • redacted summaries,
  • task-specific files,
  • direct user-provided evidence,
  • narrow queries and exact targets.

Completion Rules

Stop when:

  • the requested answer has been given,
  • the requested edit or artifact has been created,
  • the requested validation has been run and reported,
  • the requested decision has been routed or made,
  • the user asked for status only and status has been provided,
  • continuing would require a new task or approval.

After completion, do not keep using tools, reading data, making changes, or running extra checks unless the user requested it or the remaining check is part of the agreed task.

Review Payload

When using a configured AANA checker, send only a minimal redacted review payload:

  • user_request
  • completion_target
  • proposed_next_action
  • scope_status
  • data_relevance_status
  • authorization_status
  • completion_status
  • recommended_action

Do not include raw secrets, credentials, full private records, full logs, full transcripts, full directory dumps, or unrelated private data when a redacted summary is enough.

Decision Rule

  • If the action is requested, necessary, authorized, and uses task-relevant data, proceed.
  • If the action is useful but broader than needed, narrow it.
  • If the boundary is ambiguous, ask the user.
  • If the work is optional, mention it as a follow-up without doing it.
  • If the task is complete, stop.
  • If the action uses unrelated data, changes scope without approval, or keeps operating after completion, refuse or defer that part.
  • If a checker is unavailable or untrusted, use manual task-scope review.

Output Pattern

For scope-sensitive work, prefer:

AANA scope gate:
- Request: ...
- Completion target: ...
- Proposed next action: ...
- Scope: in_scope / necessary_support / clarification_needed / optional_followup / out_of_scope / stop
- Data relevance: relevant / partly_relevant / unrelated / sensitive_extra_data / unknown
- Authorization: explicit / implicit_for_task / clarification_needed / not_authorized
- Decision: proceed / narrow / ask / suggest / stop / refuse

Do not include this gate in the user-facing answer unless clarification, approval, or a scope boundary needs to be explained.

版本历史

共 1 个版本

  • v1.0.0 当前
    2026-05-08 00:53 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

ai-agent

Agent Browser

rez0
用于 AI 代理的浏览器自动化 CLI。当用户需要与网站交互(包括浏览页面、填写表单、点击按钮、截图等)时使用。
★ 862 📥 341,392
ai-agent

self-improving agent

pskoett
记录自身发现以实现自我改进的技能
★ 4,156 📥 928,953
ai-agent

Find Skills

root
帮助用户发现和安装智能体技能,当用户询问如「如何做X」、「找X的技能」、「有能做...的吗」等问题时
★ 1,512 📥 569,450