Agent Team Orchestration
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: agent-team-orchestration Version: 1.0.0 The OpenClaw AgentSkills skill bundle provides a comprehensive framework for orchestrating multi-agent teams, defining roles, task lifecycles, and communication protocols. All instructions across SKILL.md and the reference markdown files (communication.md, patterns.md, task-lifecycle.md, team-setup.md) are focused on establishing structured, transparent, and auditable workflows. There is no evidence of intentional harmful behavior such as data exfiltration, malicious execution, persistence mechanisms, or prompt injection designed to bypass user intent or perform unauthorized actions. The instructions emphasize shared, auditable artifact paths (`/shared/`), clear communication, and role-based access, which are positive security practices for an agent-based system.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may lead the agent to create or coordinate multiple sub-agents for a task.
The skill encourages creating new sub-agent sessions as the normal coordination mechanism. That is central to the skill's purpose, but it can increase cost, workload, and downstream actions if not bounded.
**Default to spawn.** It's cleaner. Send is for exceptions.
Set explicit user approval rules, concurrency limits, task scope, budget limits, and completion criteria before allowing spawning.
Team agents or the orchestrator may access project materials beyond a single task's deliverables.
The workflow grants broad visibility within the team workspace. This is disclosed and useful for orchestration, but it means data placed in shared or agent workspaces may be visible to other roles.
Agents can read any shared directory - Orchestrator can read all workspaces for oversight
Keep secrets and unrelated private data out of shared directories, grant capabilities per role, and audit workspace access boundaries.
If persistent role files are edited incorrectly or by the wrong party, future agents could follow bad instructions.
The skill uses persistent role and boundary files that can influence future agent behavior. This is expected for team setup, but those files become sensitive coordination context.
Each agent gets a SOUL.md that defines: ... Role and scope ... Boundaries ... Team context
Limit who can edit identity and protocol files, review changes, and separate untrusted artifacts from durable instructions.
One agent's outputs or comments may be consumed by other agents and affect later work.
The skill relies on shared files, task comments, and session messages for agent-to-agent communication. This is purpose-aligned, but shared channels need clear origin, access, and trust boundaries.
Shared Files (Primary — Async) The default communication method. Persistent, auditable, no timing dependency.
Track authorship, treat shared artifacts as untrusted until reviewed, restrict shared-directory access, and avoid placing secrets in shared communication channels.
If enabled broadly, scheduled orchestration could continue creating work or agent sessions beyond the user's immediate attention.
The playbook includes recurring scheduled agents that can dispatch tasks and spawn workers. This is disclosed and fits sustained team workflows, but it introduces ongoing autonomous activity.
Task Dispatch Schedule: Every few hours (or on trigger) Agent: Orchestrator 1. Check inbox for new tasks ... 4. Assign and spawn
Enable scheduled Ops only deliberately, with a clear owner, logs, stop conditions, maximum concurrency, and human review for high-impact tasks.