ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Conductor

v1.0.0

Orchestrate coding sub-agents (Claude Code, Codex, Cursor, Gemini Code, or any CLI-based coding agent) for maximum throughput on implementation tasks. Use wh...

1· 351·1 current·1 all-time
by@aicodelion
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description match the contents: the SKILL.md describes orchestrating coding sub-agents, task decomposition, parallel coordination, and verification. There are no unexpected required binaries, env vars, or config paths declared — consistent with an instruction-only orchestrator.
Instruction Scope
The instructions explicitly tell the orchestrator to dispatch CLI commands (AGENT_CMD), run background/foreground processes, read logs and progress files, and verify output files. All of these are directly relevant to orchestration. However the instructions grant broad discretion to execute arbitrary agent commands and scripts (including reading and writing arbitrary project files and running long-lived background processes), which increases the operational risk depending on what the agent is allowed to run.
Install Mechanism
No install spec and no code files beyond documentation — lowest-risk delivery model. Nothing is downloaded or written by the skill itself.
Credentials
The skill declares no required environment variables or credentials. The dispatch template mentions that tasks may include project-specific env vars (proxy, auth), which is reasonable — those would be provided per-dispatch and are not requested by the skill itself.
Persistence & Privilege
Flags show always:false and default autonomous invocation behavior. The skill does not request persistent privileges, nor does it modify other skills or system-wide settings in its instructions.
Assessment
This skill is instruction-only and coherent for orchestrating CLI-based coding agents. Before installing: (1) Restrict which AGENT_CMD values the agent may invoke (use a controlled wrapper or allow-list) so the orchestrator cannot execute arbitrary system commands; (2) Run the skill in a sandbox or project-specific environment (not with root or system-wide access), since it routinely reads/writes files and runs processes; (3) Ensure any sub-agents you dispatch to are trusted and that their CLI tooling is configured with only the necessary credentials; (4) Review and supply safe completion/notification commands and avoid allowing the orchestrator to accept open-ended prompts that could trigger external network calls. These mitigations reduce the risk introduced by giving an orchestrator the ability to run arbitrary agent CLI commands and modify files.

Like a lobster shell, security has layers — review code before you run it.

latestvk972hx8589xpxq3sxpxj2ajjch8299s9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments