ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Multi-Agent Engine v8

v8.2.1

Multi-Agent Orchestrator v8.2.1 - Enhanced stability (Node.js v24 compatibility, lazy environment detection, third-party environment adaptation). Supports go...

0· 81·0 current·0 all-time
by@bjmrcft-hash

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for bjmrcft-hash/multi-agent-engine-v8.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Multi-Agent Engine v8" (bjmrcft-hash/multi-agent-engine-v8) from ClawHub.
Skill page: https://clawhub.ai/bjmrcft-hash/multi-agent-engine-v8
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install multi-agent-engine-v8

ClawHub CLI

Package manager switcher

npx clawhub@latest install multi-agent-engine-v8
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description match the bundled code: this is a multi-agent orchestrator that manages agents, plans, aggregation, archiving and workspace directories. The requested capabilities (filesystem access, config reading, model config inspection) are coherent with that purpose.
Instruction Scope
The SKILL.md exposes CLI-like commands (check_env, run, plan) which map to the code. At runtime the code reads/writes many files under ~/.openclaw/workspace (profiles, workflows, shared outputs, agent workspaces), performs archiving/cleanup, and may call process.exit on fatal environment checks. These file operations are expected for this skill but constitute persistent local changes and should be noted.
Install Mechanism
There is no external install spec (no downloads or remote installers). The bundle includes many local JS modules that will be executed by the agent environment. No remote URLs, package downloads, or archive extraction were observed in the provided snippets.
Credentials
The skill declares no required env vars, but the code reads process.env.OPENCLAW_VERSION and HOME/USERPROFILE. It also reads ~/.openclaw/openclaw.json to inspect provider/model configuration. That is proportional to adapting to the host environment, but users should be aware that the skill reads local OpenClaw config files (which might contain provider metadata and, depending on user setup, sensitive fields).
Persistence & Privilege
always:false and no elevated platform privileges were requested. The skill creates and persists directories and files under the user's home (~/.openclaw/workspace), writes backups (.bak), archives workflows, and can delete files within its shared/ area. This is expected behaviour for an orchestrator but is persistent and modifies user files.
Scan Findings in Context
[no_pre-scan_findings] expected: The static pre-scan reported no injection signals. The codebase is present and not obfuscated; manual review (which was performed here on the provided snippets) is the appropriate next step.
Assessment
This skill appears to be what it says: a local multi-agent orchestrator that manages agent workspaces, aggregates outputs, archives results, and validates environment compatibility. Before installing or running it: 1) Review ~/.openclaw/openclaw.json and other workspace files for any stored secrets—the skill reads that file to discover models (it does not appear to send it anywhere). 2) Expect the skill to create and modify files under ~/.openclaw/workspace (profiles, agents/, shared/, archive/, logs/, etc.) and to create .bak backups. 3) Run the provided check_env first to see any compatibility messages; note the code may call process.exit on fatal errors and stop the host process. 4) If you are concerned about side effects, run it in a sandboxed environment or a throwaway account first. 5) If you need stronger assurance, review the remaining truncated files (the bundle contains many modules) for any network calls or unexpected behavior before granting persistent use.
lib/modelSelector.js:184
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97brryzmsqq1qd0km2v6mwerd85d1y8
81downloads
0stars
1versions
Updated 5d ago
v8.2.1
MIT-0
@bjmrcft-hash
latest
Download

Multi-Agent Orchestrator v8.2.1

Goal-driven deep research and project collaboration system with multi-agent parallel execution.

Key Features

  • Lazy environment detection - No blocking on module load
  • Node.js v24 compatibility - Warnings for compatibility issues
  • openclaw.json size protection - 5MB limit
  • Simplified model pool - No hardcoded model IDs

Commands

# Environment check
multi-agent check_env

# Start workflow
multi-agent run --goal "Research topic"

# Generate plan
multi-agent plan --goal "Research topic"

# View help
multi-agent help

Requirements

  • OpenClaw: 2026.3.x+
  • Node.js: 20.5+ (recommended: 20 LTS or 22 LTS)

Changelog

  • v8.2.1: No hardcoded model IDs (adapts to third-party environments)
  • v8.2.0: Node.js v24 compatibility + environment detection optimization
  • v8.1.0: Active polling monitor + timeout degradation
  • v8.0.0: Token optimization + JSON constraint output

Comments

Loading comments...