Agent Team Orchestration
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only multi-agent playbook with no hidden code, but it intentionally uses sub-agents, shared state, and optional scheduled workflows that should be scoped before use.
This skill appears safe to install if you want a multi-agent workflow. Before using it, decide which agents may be spawned, set budget and concurrency limits, restrict shared workspace contents, protect persistent SOUL.md/protocol files, and require review before shipping or acting on outputs.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may lead the agent to create or coordinate multiple sub-agents for a task.
The skill encourages creating new sub-agent sessions as the normal coordination mechanism. That is central to the skill's purpose, but it can increase cost, workload, and downstream actions if not bounded.
**Default to spawn.** It's cleaner. Send is for exceptions.
Set explicit user approval rules, concurrency limits, task scope, budget limits, and completion criteria before allowing spawning.
Team agents or the orchestrator may access project materials beyond a single task's deliverables.
The workflow grants broad visibility within the team workspace. This is disclosed and useful for orchestration, but it means data placed in shared or agent workspaces may be visible to other roles.
Agents can read any shared directory - Orchestrator can read all workspaces for oversight
Keep secrets and unrelated private data out of shared directories, grant capabilities per role, and audit workspace access boundaries.
If persistent role files are edited incorrectly or by the wrong party, future agents could follow bad instructions.
The skill uses persistent role and boundary files that can influence future agent behavior. This is expected for team setup, but those files become sensitive coordination context.
Each agent gets a SOUL.md that defines: ... Role and scope ... Boundaries ... Team context
Limit who can edit identity and protocol files, review changes, and separate untrusted artifacts from durable instructions.
One agent's outputs or comments may be consumed by other agents and affect later work.
The skill relies on shared files, task comments, and session messages for agent-to-agent communication. This is purpose-aligned, but shared channels need clear origin, access, and trust boundaries.
Shared Files (Primary — Async) The default communication method. Persistent, auditable, no timing dependency.
Track authorship, treat shared artifacts as untrusted until reviewed, restrict shared-directory access, and avoid placing secrets in shared communication channels.
If enabled broadly, scheduled orchestration could continue creating work or agent sessions beyond the user's immediate attention.
The playbook includes recurring scheduled agents that can dispatch tasks and spawn workers. This is disclosed and fits sustained team workflows, but it introduces ongoing autonomous activity.
Task Dispatch Schedule: Every few hours (or on trigger) Agent: Orchestrator 1. Check inbox for new tasks ... 4. Assign and spawn
Enable scheduled Ops only deliberately, with a clear owner, logs, stop conditions, maximum concurrency, and human review for high-impact tasks.