banner

Execution Model

How skills are isolated, what context they receive at call time, how proactive execution works, and what files define each skill's identity and behavior.

Skill isolation

Each skill runs as an isolated process. They share a common identity context but do not share state. A failure in one skill does not affect the others. Skills communicate through defined interfaces, not shared memory.

Execution context

Every skill receives an execution context at call time. The context carries:

  • Agent identity. The agent's Ethereum address, public key, and current delegation status from the ERC-8004 registry.
  • Policy snapshot. A pre-validated copy of the current rules configuration (spend limits, domain controls, quiet hours, action-type restrictions). Skills receive a snapshot, not a live reference.
  • Call counter. A monotonic nonce used for nullifier generation in Specter and receipt sequencing in Verification. Prevents replay without any cross-skill coordination.
  • Signed timestamp. The invocation timestamp signed by the agent key. Skills enforcing time-based policy use this value rather than reading the system clock independently, preventing clock-skew attacks.

The execution context is not globally mutable. Each skill receives its own copy. Modifications by one skill do not propagate to the next unless explicitly threaded through by the caller.

OpenClaw heartbeat: proactive execution

Most AI agent runtimes are reactive: they wait for a user message, process it, and respond. OpenClaw adds a heartbeat (a scheduler that wakes the agent on a configurable interval and executes registered skills automatically, without any user input).

KOGENT is built specifically around this model. Skills like Vigil only make sense in a heartbeat context: the value is not in responding to a query about the calendar, it is in detecting a change at 3 AM and acting on it before the user wakes up. The heartbeat is what separates a proactive agent from a smarter search engine.

Each KOGENT skill declares its heartbeat schedule in a HEARTBEAT.md file: the interval, the conditions under which it acts, and when it should stay silent. Vigil runs every 30 minutes during active hours. Identity runs a weekly integrity check. Skills that are purely reactive (Verification and Sieve) have no heartbeat schedule and fire only when called by another skill.

Skill file structure

Each KOGENT skill ships with three declarative files. These are not documentation. They are part of the security model.

SKILL.md

Human-readable description of the skill: what it does, its inputs, its outputs, its configuration options, and its external dependencies. The content hash of SKILL.md combined with identity.json is the metadata hash stored in ERC-8004 on-chain. If SKILL.md changes after registration, the hash no longer matches. Any verifier can detect the mismatch.

HEARTBEAT.md

The skill's proactive execution schedule. Declares the check interval, the conditions that trigger an action, and the conditions under which the skill should stay silent. The OpenClaw runtime reads this at skill load time to register the schedule.

identity.json

Machine-readable capability declaration: the data categories the skill touches, the external calls it makes, the signing key reference it uses, and the policy constraints it requires. Read by the execution context builder to enforce least-privilege access. A skill that declares no network access cannot initiate one.

PreviousData and PrivacyNextAudit and Receipts