Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Calling Agent Squad

v1.0.0

Activate a multi-agent team (the Squad) to manage complex projects, business tasks, or development workflows. The squad includes a Manager, Architect, Coder,...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with the provided files: this is a multi‑agent orchestrator with role personas and workspace conventions. It does not request external credentials or unusual binaries, which is proportionate. However the agents' manuals repeatedly instruct agents to read local memory files, edit MEMORY.md, and perform git commit/push operations — capabilities that are plausible for a squad orchestrator but are higher‑impact than the simple description implies and should be explicitly understood by the user.
Instruction Scope
SKILL.md and many AGENTS.md files instruct agents to read SOUL.md/IDENTITY.md and various memory files (memory/YYYY‑MM‑DD.md, MEMORY.md), create project folders under Documents/squad_projects, and the maintenance docs point to running bash ~/.openclaw/.../squad-init.sh. Some agent docs say 'Don't ask permission. Just do it.' and also permit 'commit and push your own changes' and running exec/tests. Those directives allow nontrivial local file access, modification, and potential outbound actions; they are broader than the user-facing description and contain contradictory guidance about when to ask before taking actions that leave the machine.
Install Mechanism
No install spec — instruction-only skill plus bundled files. That limits remote code downloads. There is a local initialization script (squad-init.sh) included; it will only run if the user explicitly executes it (e.g., maintenance instruction). Inspect the script before running.
Credentials
The skill declares no required env vars or credentials (proportionate). Nevertheless, many TOOLS.md examples mention SSH hosts, TTS, and other local secrets as optional notes; the skill's documents encourage storing local infra details in TOOLS.md. Those are examples rather than requirements, but users should avoid putting secrets into shared skill files.
Persistence & Privilege
always:false and no install hooks are good. The skill expects and documents spawning sub‑agents (openclaw agent calls) and using platform operations like sessions_spawn/exec. Autonomous invocation is the platform default and is not a concern on its own, but combined with the agent directives to modify files, run commands, and push commits, it increases the blast radius if misused. The included init script can be run manually; it does not appear to force persistent system changes automatically.
What to consider before installing
Before installing or running this skill:
1) Review the bundled squad-init.sh (and any other scripts) line-by-line before executing them.
2) Understand that agents are instructed to read and edit local workspace memory files (memory/YYYY‑MM‑DD.md, MEMORY.md) and to create project folders under Documents — do not enable this skill on machines with sensitive secrets you don’t want the skill or its agents to see.
3) Note contradictory directions in the docs: some files say 'Don't ask permission. Just do it.' while others say to ask before sending data externally — clarify expected behaviour with the skill author or test in an isolated environment.
4) Avoid placing SSH keys, API tokens, or other secrets into TOOLS.md or the skill workspace.
5) If you allow 'full' mode (spawning sub‑agents), accept that multiple agent sessions may run commands (exec) and could perform commits/pushes if the workspace is configured for that — protect upstream repos with branch protections and require manual merges.
6) If you want to proceed, run the skill first in a disposable/sandbox user profile or VM and monitor filesystem and network activity; only enable on primary systems after you’re satisfied with its behaviour.

Like a lobster shell, security has layers — review code before you run it.

Tags: latest, multi-agent, squad, workflow
