multi-agents-orchestration
ReviewAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is coherent with multi-agent orchestration, but it promotes broad background agent delegation that users should review carefully before enabling.
Use this skill only if you intentionally want multi-agent orchestration. Before copying the examples, replace wildcard agent permissions with narrow allowlists, decide when background spawning requires user approval, keep logs of spawned tasks, and secure any Discord bot tokens and channel permissions.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A main agent could pass work or context to other agents in the background, and the user may not know which agents were involved or what they were asked to do.
The skill makes background sub-agent spawning the primary workflow and explicitly says the user does not see the subtask execution. The provided content does not show clear approval, audit, or task-scope limits.
主 Agent 通过 `sessions_spawn` 在后台拉起子 Agent。用户只和主 Agent 对话。 ... 子任务后台完成,用户不可见
Require explicit user approval or visible logging for spawned agents, define which agents may be used for which tasks, and add clear stop conditions and review points before high-impact actions.
If copied as-is, agents may be able to invoke any configured sub-agent, expanding the effective permission boundary and increasing the risk of unintended task chaining.
The configuration examples use a wildcard allowlist for sub-agent access. That grants broad delegation authority instead of limiting each agent to a specific, necessary set of peers.
"subagents": { "allowAgents": ["*"] }Replace `allowAgents: ["*"]` with named allowlists for each role, document why each delegation is needed, and avoid giving specialist agents broad spawn authority by default.
Discord bot tokens, channel permissions, and public bot-to-bot messages can expose or trigger agent behavior outside the private main-agent flow if configured too broadly.
The skill documents optional Discord bot accounts and bot-to-bot mentions. This is purpose-aligned and partly constrained by the instruction to use it only when public collaboration is needed, but it introduces external channel and token handling.
需要额外维护 Discord token、binding、频道权限 ... Bot 之间在 Discord 里互相 `@`。非主流程,仅在明确需要公开协作时启用。
Store Discord tokens securely, use channel and guild allowlists, keep bot-to-bot mentions disabled unless needed, and review public channels for sensitive information before enabling bots.