Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent manager

Manage Clawdbot agents: discover, profile, track capabilities, define routing hierarchy, and assign tasks. Use when: (1) Listing available agents, (2) Profiling agent capabilities and communication methods, (3) Defining agent routing (can_assign_to, reports_to, escalation_path), (4) Assigning tasks to appropriate agents, (5) Tracking agent performance and completed work, (6) Updating agent registry after changes.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
5 · 3.6k · 16 current installs · 18 all-time installs
by agentandbot @agentandbot-design
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description promise: full discovery, routing, and assignment across agents. Reality: the scripts are prototypes that use MOCK_AGENTS and local references/*.md files, with no integration calls to actual agent platform APIs (sessions_send/sessions_spawn are only referenced in comments/pseudocode). Also the top-level registry metadata lists no required binaries while SKILL.md metadata requires node — inconsistent. The skill therefore cannot actually perform distributed agent management as advertised without further platform integration.
Instruction Scope
Runtime instructions (SKILL.md) are explicit about running included node scripts and following a handshake protocol. They do not instruct reading arbitrary system paths or exfiltrating data. Scripts operate on the repository's references/*.md files and console I/O. The system prompt and handshake protocol are plausible, but the instructions assume platform APIs exist even though the shipped scripts are local prototypes.
Install Mechanism
No install spec / no external downloads — code is packaged with the skill. This is lower risk from an installation vector perspective because nothing is fetched or executed from external URLs during install.
Credentials
Declared requirements are minimal (metadata conflict: SKILL.md requires node but registry metadata listed none). The skill references platform-level tools (sessions_send, sessions_spawn, gateway, message, etc.) and a human contact (Telegram number) in the registry, but it does not declare any required credentials or config paths to access those tools. That mismatch means the skill advertises operations requiring privileged platform access while not requesting the credentials/config needed — misleading and a potential integration/privilege gap. Also the registry contains a personal phone number (Ilkerkaan) which is PII present in the packaged files.
Persistence & Privilege
Flags: always is false and the skill is user-invocable. The skill writes only to its own packaged references/agent-registry.md (setup_wizard and scan/update write in the repo). It does not request to change other skills or global agent settings. No elevated persistence privileges are requested.
What to consider before installing
This skill is a prototype/infrastructure for managing agents, not a complete integrated manager. Before installing or using it:

  1. Note the inconsistency: SKILL.md expects node but top-level metadata claimed no required binaries; ensure you have node if you intend to run scripts.
  2. Review the code: the scripts operate on local markdown and use mock data; they do not call the agent platform APIs (sessions_send/sessions_spawn). Enabling full functionality would require hooking these scripts to your platform's SDK/APIs and likely providing credentials.
  3. Be aware the registry contains a Telegram phone number (PII); remove or replace any real personal contact before sharing or deploying.
  4. Run the scripts in a sandbox or review them line-by-line before giving any agent-management credentials; do not expose platform tokens or network-accessible credentials to the packaged scripts until you have implemented proper integration and access controls.
  5. If you expect real routing/assignment functionality, ask the author how the skill obtains platform access (which environment variables or config paths), and verify those requests are minimal and justified.

Given these inconsistencies and prototype status, treat the package as 'use for testing and review only' until its integration requirements are clarified.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.2
Tags: agent-management, hierarchy, latest, orchestration, protocols, tools

SKILL.md

Agents Manager

Manage all Clawdbot agents centrally: discover available agents, profile their capabilities, define routing hierarchy (who can assign to whom, who reports to whom), and intelligently route new tasks through the escalation chain.

🤖 For Agents

System Prompt (Copy-Paste)

Give this prompt to any agent to teach them this skill:

"You have access to the agents-manager skill. Use it to discover peers (scan_agents), check permissions (can_assign.js), and route tasks. Always follow the Handshake Protocol: Check requires_approval before assigning. If true, ask me first."

Core Rules

  1. Discovery: Always check scan_agents.js before assuming an agent exists.
  2. Permission: Never assign a task without checking can_assign.js or agent-registry.md.
  3. Protocol:
    • IF requires_approval is FALSE -> Assign directly.
    • IF requires_approval is TRUE -> Ask supervisor (Human or Agent).

👤 For Humans

Quick Start

Goal     Command
Setup    node scripts/setup_wizard.js (Run this first!)
List     node scripts/scan_agents.js
Health   node scripts/health_check.js
Stats    node scripts/log_analyzer.js

1. Agent Discovery & Profiling

List and profile all agents to understand their capabilities and routing configuration.

# List all agents
node {baseDir}/scripts/scan_agents.js

# Profile specific agent
node {baseDir}/scripts/generate_card.js <agent_id>

2. Validation & Health

Ensure your agent ecosystem is healthy and valid.

# Validate registry integrity
node {baseDir}/scripts/validate_registry.js

# Check permissions (Agent A -> Agent B)
node {baseDir}/scripts/can_assign.js <source_id> <target_id>

# Visualize hierarchy
node {baseDir}/scripts/visualize_agents.js

3. Task Routing & Escalation

Define how tasks flow between agents using references/task-routing-rules.md.

  • Direct: Agent → Agent (if can_assign_to allows)
  • Handshake: Request approval if requires_approval is true.
  • Escalation: Helper → Supervisor → Human
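The three routing outcomes above, written as a deny-by-default decision function. This is an added example, not the skill's own can_assign.js: the registry object shape, the sample agent ids, and the choices to read requires_approval from the target's entry and to take the approver from the source's reports_to chain are all assumptions.

```javascript
// Added illustration; not code shipped with the skill. Registry shape is assumed.
// Constructed sample registry using the field names from the skill description.
const REGISTRY = {
  main:       { reports_to: "human", can_assign_to: ["coder", "researcher"], requires_approval: false },
  coder:      { reports_to: "main",  can_assign_to: ["researcher"],          requires_approval: true  },
  researcher: { reports_to: "main",  can_assign_to: [],                      requires_approval: false },
};

// Own-property lookup so ids like "__proto__" never resolve to inherited objects.
function lookup(registry, id) {
  return Object.hasOwn(registry, id) ? registry[id] : null;
}

// Follow reports_to upward (Helper -> Supervisor -> Human); stops on cycles.
function escalationPath(registry, agentId) {
  const path = [];
  const seen = new Set([agentId]);
  let current = lookup(registry, agentId)?.reports_to;
  while (current && !seen.has(current)) {
    path.push(current);
    seen.add(current);
    current = lookup(registry, current)?.reports_to; // "human" has no entry, so the walk ends
  }
  return path;
}

// Returns one of: deny, escalate, handshake, direct.
function routeTask(registry, sourceId, targetId) {
  const source = lookup(registry, sourceId);
  const target = lookup(registry, targetId);
  if (!source || !target) return { decision: "deny", reason: "unknown agent" };

  const path = escalationPath(registry, sourceId);
  const allowed = Array.isArray(source.can_assign_to) && source.can_assign_to.includes(targetId);
  if (!allowed) return { decision: "escalate", reason: "target not in can_assign_to", path };

  // A missing or malformed requires_approval flag is treated as true (fail closed).
  if (target.requires_approval !== false) {
    if (path.length === 0) return { decision: "deny", reason: "no supervisor to approve" };
    return { decision: "handshake", approver: path[0] };
  }
  return { decision: "direct" };
}
```
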

Resources

Scripts

  • scan_agents.js: Discovery tool
  • validate_registry.js: Schema validator
  • can_assign.js: Permission checker
  • generate_card.js: Agent card generator
  • visualize_agents.js: Hierarchy visualizer
  • health_check.js: Status monitor (Healthy/Slow/Offline)
  • log_analyzer.js: Performance stats (Jobs/Success Rate)
  • setup_wizard.js: Interactive configuration tool
