Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Team Workflows
v0.1.0Universal multi-agent workflow orchestration using Claude Code Agent Teams. Use when user asks to run a team workflow, create an agent team, or coordinate parallel work across multiple teammates — for any domain (software, content, data, strategy, research, etc.).
⭐ 5· 895·3 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (multi-agent workflow orchestration) matches the SKILL.md, domain presets, patterns, and prompt templates. The templates, role cards, and pipeline patterns are internally consistent and appropriate for the claimed functionality.
Instruction Scope
The SKILL.md instructs the user/agent to edit ~/.claude/settings.json to enable CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS and to spawn and forward complete artifacts between teammate agents (lead forwards 'full plan', paste inputs, etc.). Those instructions expand the agent's operational scope beyond just producing messages (they require modifying a user config file and relaying potentially large/sensitive inputs across agents). The skill also gives broad discretion to include full context in handoffs without explicit guidance to redact secrets or PII.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes install-time risk (nothing is downloaded or written by an installer), but runtime instructions still ask the user/agent to change a local settings file.
Credentials
Declared requirements list no env vars or credentials, which is consistent with the skill's metadata. However, SKILL.md asks to set an experimental flag in ~/.claude/settings.json (CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS) — this is a configuration change not declared in the 'required config paths' metadata and should be considered a minor mismatch. No external service credentials are requested.
Persistence & Privilege
The skill does not request permanent presence (always:false) and uses platform-default autonomous invocation. The only persistence-like action is the instruction to edit the user's ~/.claude/settings.json to enable an experimental feature; that file-write is outside the skill package and requires user action, but it does increase the skill's runtime capabilities if performed.
What to consider before installing
This skill appears to implement a well-structured multi-agent workflow, but exercise caution before installing or following its instructions: 1) The runtime docs tell you to modify ~/.claude/settings.json to enable an experimental 'agent teams' flag — that change is not declared in the skill metadata. Back up your settings file before editing and only set the flag if you trust the source. 2) The templates repeatedly instruct forwarding 'full' artifacts and pasting complete inputs between agents. That can leak secrets or sensitive files (credentials, private docs, PII). Review and redact any sensitive content before handing it to the workflow. 3) There's no install/download risk, but the skill's source is unknown and the package has no homepage — prefer skills from trusted authors or inspect provenance. 4) If you intend to let the agent run autonomously, monitor its actions and limit the data you provide; consider running initial tests with benign example inputs. If you want a lower-risk option, ask for a version that explicitly warns about PII handling and does not require changing local config files.Like a lobster shell, security has layers — review code before you run it.
latestvk97cqaj4yfm86ddv9qvmsyj2dh81325d
License
MIT-0
Free to use, modify, and redistribute. No attribution required.