Skill v1.0.0

ClawScan security

Agent Conductor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 4, 2026, 9:44 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill is an instruction-only orchestrator that is internally consistent with its stated purpose (delegating code-execution tasks to CLI/agent tools) and does not request extra credentials or installs; however it gives broad runtime authority to run agent CLI commands and interact with the filesystem, so use caution when enabling it in a privileged/autonomous environment.
Guidance
This skill is instruction-only and coherent for orchestrating CLI-based coding agents. Before installing: (1) Restrict which AGENT_CMD values the agent may invoke (use a controlled wrapper or allow-list) so the orchestrator cannot execute arbitrary system commands; (2) Run the skill in a sandbox or project-specific environment (not with root or system-wide access), since it routinely reads/writes files and runs processes; (3) Ensure any sub-agents you dispatch to are trusted and that their CLI tooling is configured with only the necessary credentials; (4) Review and supply safe completion/notification commands and avoid allowing the orchestrator to accept open-ended prompts that could trigger external network calls. These mitigations reduce the risk introduced by giving an orchestrator the ability to run arbitrary agent CLI commands and modify files.

Review Dimensions

Purpose & Capability
ok: Name and description match the contents: the SKILL.md describes orchestrating coding sub-agents, task decomposition, parallel coordination, and verification. There are no unexpected required binaries, env vars, or config paths declared — consistent with an instruction-only orchestrator.
Instruction Scope
note: The instructions explicitly tell the orchestrator to dispatch CLI commands (AGENT_CMD), run background/foreground processes, read logs and progress files, and verify output files. All of these are directly relevant to orchestration. However, the instructions grant broad discretion to execute arbitrary agent commands and scripts (including reading and writing arbitrary project files and running long-lived background processes), which increases the operational risk depending on what the agent is allowed to run.
Install Mechanism
ok: No install spec and no code files beyond documentation — lowest-risk delivery model. Nothing is downloaded or written by the skill itself.
Credentials
ok: The skill declares no required environment variables or credentials. The dispatch template mentions that tasks may include project-specific env vars (proxy, auth), which is reasonable — those would be provided per-dispatch and are not requested by the skill itself.
Persistence & Privilege
ok: Flags show always:false and default autonomous invocation behavior. The skill does not request persistent privileges, nor does it modify other skills or system-wide settings in its instructions.