Agent manager
Review
Audited by ClawScan on May 10, 2026.
Overview
This skill is mostly an agent-routing helper, but it includes broad default authority to delegate or spawn agents and a hard-coded Telegram escalation contact.
Review and replace the bundled agent registry before use, especially the Telegram escalation target and 'main' agent permissions. Only allow sub-agent spawning or cross-agent task assignment after explicit approval, and define how spawned agents are monitored and stopped.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent relying on this checker could treat the main agent as allowed to delegate tasks to any target, even if that target was not explicitly approved.
The permission checker authorizes any assignment from the 'main' agent without validating the target agent or the registry's can_assign_to rules.
if (sourceId === 'main') { ... return { allowed: true, reason: 'Main superuser privileges' }; }
Require explicit target validation against the registry, limit 'main' to configured agents, and require human confirmation for broad or new delegation paths.
Following these instructions could create additional agents that continue work outside the immediate user request or without clear lifecycle control.
The routing rules allow creating sub-agents for new tasks, including long-running background work, without defining approval, runtime limits, cleanup, or containment requirements.
Spawn sub-agent when: ... Long-running background work needed
Add explicit user approval before spawning agents, define maximum runtime and scope, and document how spawned sessions are monitored and stopped.
Private task details or agent status reports could be sent to an unintended external contact if the routing rules are followed as installed.
The default registry contains a specific external human escalation target, so task reports or approvals may be routed to a hard-coded Telegram contact rather than an installer-controlled destination.
Level 2: Ilkerkaan (human, telegram:8143462994)
Remove personal default contacts, require the installer to configure their own escalation channel, and ask for user approval before sending task details externally.
Incorrect or untrusted registry entries could cause future tasks to be routed to the wrong agent or escalation target.
The skill stores routing, communication, preferences, and completed-work data in a persistent registry that future routing decisions may rely on.
completed_work: # Track what was done
Keep the registry under user control, review changes before using them for routing, and avoid storing sensitive task details unless needed.
Users may not realize that using the helper commands requires Node.js even though the registry requirement section says no binaries are needed.
The skill itself declares a Node runtime and documents Node script usage, while the registry metadata says no required binaries. The scripts are included and simple, so this is an under-declared setup requirement rather than hidden code.
metadata: {"openclaw":{"emoji":"🕵️","requires":{"bins":["node"]}}}
Align the registry metadata with the skill's Node requirement and document which commands are optional helper scripts.
