Agent Designer
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to be a coherent local toolkit for designing and evaluating multi-agent systems, with only documented, purpose-aligned local script execution and design-level powerful tool concepts to review.
This skill looks suitable as a design and analysis toolkit. Before installing or using it, review the included Python scripts, run them only on intended JSON inputs, and treat any generated agent/tool architecture as a draft that still needs least-privilege permissions, approval gates, communication boundaries, and data-retention rules before production use.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may need to make their own trust decision about the included local scripts and ensure Python is available before using the documented helpers.
The registry metadata provides limited provenance and does not declare Python as a requirement even though the README documents Python helper scripts. This is a transparency/provenance note rather than suspicious behavior.
Source: unknown; Homepage: none; Required binaries: none; No install spec — this is an instruction-only skill.
Review the included scripts before running them and run them from a controlled working directory with intended input files.
Running the helpers executes local code and writes files using the chosen output prefix.
The documented workflow asks the user to run local Python scripts that create output files. This is central to the skill’s stated purpose and is user-directed, not automatic.
python agent_planner.py assets/sample_system_requirements.json -o my_architecture ... This generates: my_architecture.json ... my_architecture_diagram.mmd ... my_architecture_roadmap.json
Run the commands only when intended, review outputs before using them operationally, and avoid feeding sensitive logs or requirements unless appropriate.
If a user implements generated designs literally, agents could be given high-impact abilities such as code execution, file operations, or external API calls.
The planner can include broad tool archetypes in generated architecture designs. The artifacts show these as design descriptors rather than direct runtime tool access, but implementations of such tools would need strong scoping and approval controls.
"code_executor": Tool(... description="Execute code in various languages" ...), "file_manager": Tool(... description="Manage files and directories" ...), "api_client": Tool(... description="Make API calls to external services" ...)
Treat generated tool recommendations as drafts; add least-privilege scopes, human approval for high-impact actions, input validation, logging, and rollback plans before implementation.
Poorly scoped agent-to-agent communication in a system built from these designs could spread bad inputs or expose shared data between agents.
The skill teaches and may generate designs involving message queues and shared state between agents. This is purpose-aligned architecture guidance, but such designs require clear identity, origin, permission, and data-boundary rules when implemented.
Communication Patterns ... Message Passing ... Asynchronous Messaging ... Message queues ... Shared State ... State Stores
When implementing generated architectures, define message schemas, authentication, authorization, provenance tracking, and data-retention rules for all shared state and inter-agent channels.