sub-agents

v1.0.0

Spawn and coordinate sub-agent sessions for parallel work. Use when delegating tasks (research, code, analysis), routing to appropriate models, or managing m...

⭐ 0· 150·0 current·0 all-time

by@bill492

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

The name/description (spawn and coordinate sub-agents) matches the SKILL.md content. There are no unrelated required binaries, env vars, or installs — everything in the instructions is about session spawning, model routing, and handoff templates, which is coherent for this purpose.

ℹ

Instruction Scope

Instructions clearly limit sub-agents to the `task` string, explicit file paths, and attachments — which is good — but the skill explicitly instructs how to pass file contents/attachments to sub-agents and how to suppress announcements with ANNOUNCE_SKIP. That gives the user full control over what data the child sees; if a user includes sensitive files/attachments the sub-agent will receive them. ANNOUNCE_SKIP can be used to keep a child session from posting results to chat, which could hide outputs if misused.

✓

Install Mechanism

No install spec and no code files — instruction-only. This minimizes disk/remote install risk.

✓

Credentials

The skill requests no environment variables or credentials. It references provider/model names and subscription concepts, but it does not ask for keys or unrelated secrets in its metadata. Note: actual model/API credentials are expected to be handled by the platform, not the skill.

✓

Persistence & Privilege

always:false and normal autonomous invocation are used. The skill does not request persistent privileges or attempt to modify other skills' configs. It does allow spawning under another agent via `agentId` (requires allowlist), which depends on platform allowlist correctness.

Assessment

This skill is coherent for delegating work to sub-agents, but be careful what you hand to child sessions. Never attach secrets (API keys, private keys, passwords, or full database dumps) or sensitive files as attachments or explicit file paths unless you're certain the child should have them. Be cautious using ANNOUNCE_SKIP — it suppresses chat-level notices and can hide a sub-agent's outputs. Prefer sandbox=require or restrict tools for children where possible, limit agentId usage to trusted allowlisted agents, enable auditing/logging of spawned sessions, and test with harmless, non-sensitive tasks first.

Like a lobster shell, security has layers — review code before you run it.

latestvk973hvps2jsnckxhzddk6121pd8341t5

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

sub-agents

License

Comments