safe-subagent-spawn
v1.0.0
Safely create and manage subagents through a strict wrapper instead of calling sessions_spawn directly. Use whenever a task needs a subagent, detached helper...
by @devymex
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the provided scripts: create_context.py, safe_subagent_spawn.py, and append_to_context.py implement the declared workflow. No unrelated credentials, binaries, or install steps are requested. One implementation detail to note: create_context writes files under a computed CONTEXT_DIR (four parents up + 'sub-agents') which may place files in the workspace root; this is plausible for the purpose but worth verifying in your environment.
Instruction Scope
SKILL.md enforces strict rules about sequencing and that the parent should not read context files; the scripts implement and validate those rules. Two practical caveats: (1) append_to_context.py accepts --content-file and will read any file path you provide — so a caller can accidentally (or intentionally) inject arbitrary local file contents into a context file; (2) safe_subagent_spawn includes the absolute context file path in the generated 'task' text it sends to the child, which can reveal local paths in logs or payloads and assumes the child execution environment can access that path. These behaviors are coherent with the skill's purpose but have privacy/operational implications.
Install Mechanism
This is an instruction-only skill (no install spec). The package ships Python scripts but does not download or execute remote code during install. No extract/download URLs or external package installs are present.
Credentials
The skill requests no environment variables or credentials. It operates on files passed as arguments and on context files it creates; those file I/O operations are expected for the task. There is no unexplained credential access.
Persistence & Privilege
The skill explicitly requires context files to be permanent and configures spawned sessions with 'cleanup': 'keep', preserving child sessions and outputs. This creates persistent artifacts (context files and kept sessions) that may accumulate user data or sensitive content. Additionally, the default CONTEXT_DIR path construction could place these files outside the skill directory (e.g., workspace root). These are operational/privacy concerns rather than indicators of maliciousness, but you should account for retention, access controls, and potential leakage.
Assessment
This skill appears to do what it says, but review a few things before installing or using it:
1) Confirm where context files are written: inspect CONTEXT_DIR (create_context.py) to ensure files go to a safe location and won't expose or overwrite sensitive directories.
2) Treat context files and preserved sessions as persistent storage: they may contain user data and are kept indefinitely by the skill's rules—decide on retention and access control policies.
3) Be careful with append_to_context.py --content-file: callers can read and append arbitrary local files into a context (make sure you don't accidentally inject secrets).
4) Understand the execution environment for subagents: safe_subagent_spawn embeds the absolute path into the child prompt and assumes the child can read that file; if the child runs remotely or in a different sandbox, this may fail or leak path information.
5) If you need stricter privacy, consider modifying the workflow to redact secrets before appending, store context files in a controlled location, or change the cleanup policy.
If you want, provide the full installation path where this skill will live and the runtime environment for spawned subagents and I can point out the exact CONTEXT_DIR and any path-leakage risks.
Like a lobster shell, security has layers — review code before you run it.
