Agent Loops

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly coherent as a multi-agent workflow runner, but its live workflows can delegate code changes and even ClawHub publishing to nested agents without a clear final approval gate.

Treat this as a powerful workflow runner. Use dry-run first, review which workflow will run, and be especially careful with the skill-publishing workflow because it can ask a nested agent to publish to ClawHub. Do not include secrets in prompts, and periodically clean saved run logs.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user asking for publish preparation or running this workflow live could end up with a skill published to ClawHub by a nested agent before they have explicitly approved the final release.

Why it was flagged

The live workflow delegates an external publishing action to a spawned developer agent, but the artifacts do not show a final user confirmation gate, credential boundary, or rollback/review step immediately before publishing.

Skill content

task_template: "Publish this skill to ClawHub. Run the clawhub-publisher with the review feedback incorporated:\n\nReview:\n{{ review_output }}"

Recommendation

Separate 'prepare for publish' from 'publish now', require an explicit final confirmation before running publisher commands, and document any credentials or account permissions needed.

What this means

Live runs may cause multiple subagents to act on the workspace, depending on Claude CLI permissions and the workflow prompt.

Why it was flagged

The core runner executes nested Claude CLI agents with rendered workflow tasks. This is central to the skill's purpose, but users should understand that `--apply` is real execution rather than a planning-only mode.

Skill content

cmd = [CLAUDE_BIN, "-p", task, "--output-format", "json"]

Recommendation

Use dry-run first, review the selected workflow, and run `--apply` only when you are comfortable with delegated agent execution.

What this means

If an unexpected or modified router exists at that path, workflow tasks may be passed to and influenced by code not included in this review.

Why it was flagged

The runner optionally invokes a router script from another local skill if present. This is disclosed in the README as optional routing, but the referenced helper is outside this artifact set and not declared as a formal requirement.

Skill content

ROUTER = OPENCLAW_HOME / "workspace" / "skills" / "agent-swarm" / "scripts" / "router.py"

Recommendation

Install the agent-swarm router only from a trusted source, keep it reviewed, or disable/remove it if deterministic local routing is preferred.

What this means

Sensitive project details may remain on disk after a workflow finishes.

Why it was flagged

The skill intentionally persists live workflow data. That is useful for auditing, but prompts, code snippets, review results, and generated outputs can contain sensitive information.

Skill content

Run persistence — Live runs are saved to `runs/` as JSON for auditing

Recommendation

Avoid including secrets in prompts, review saved run files periodically, and add retention or cleanup guidance for the `runs/` directory.

What this means

A bad intermediate response could steer subsequent agents toward incorrect, unsafe, or unintended changes.

Why it was flagged

The skill passes one agent's output directly into later agents. This is an intended feature, but it means mistaken or adversarial content in an earlier step can influence later steps.

Skill content

Output chaining — Each step's output is available to subsequent steps as `{{ step_id_output }}`

Recommendation

Inspect intermediate outputs for high-impact workflows and add guardrails that tell later agents to treat prior outputs as untrusted suggestions rather than authoritative instructions.