Back to skill
Skillv0.1.0
ClawScan security
Agent Team Workflows · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousFeb 13, 2026, 4:18 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's workflow templates and role-based orchestration are coherent with its stated purpose, but the runtime instructions ask you to modify a user config file and to forward whole artifacts between agents (which could expose sensitive data) — these behaviors are not declared in the metadata and merit caution.
- Guidance
- This skill appears to implement a well-structured multi-agent workflow, but exercise caution before installing or following its instructions: 1) The runtime docs tell you to modify ~/.claude/settings.json to enable an experimental 'agent teams' flag — that change is not declared in the skill metadata. Back up your settings file before editing and only set the flag if you trust the source. 2) The templates repeatedly instruct forwarding 'full' artifacts and pasting complete inputs between agents. That can leak secrets or sensitive files (credentials, private docs, PII). Review and redact any sensitive content before handing it to the workflow. 3) There's no install/download risk, but the skill's source is unknown and the package has no homepage — prefer skills from trusted authors or inspect provenance. 4) If you intend to let the agent run autonomously, monitor its actions and limit the data you provide; consider running initial tests with benign example inputs. If you want a lower-risk option, ask for a version that explicitly warns about PII handling and does not require changing local config files.
Review Dimensions
- Purpose & Capability
- okThe name/description (multi-agent workflow orchestration) matches the SKILL.md, domain presets, patterns, and prompt templates. The templates, role cards, and pipeline patterns are internally consistent and appropriate for the claimed functionality.
- Instruction Scope
- concernThe SKILL.md instructs the user/agent to edit ~/.claude/settings.json to enable CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS and to spawn and forward complete artifacts between teammate agents (lead forwards 'full plan', paste inputs, etc.). Those instructions expand the agent's operational scope beyond just producing messages (they require modifying a user config file and relaying potentially large/sensitive inputs across agents). The skill also gives broad discretion to include full context in handoffs without explicit guidance to redact secrets or PII.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill. This minimizes install-time risk (nothing is downloaded or written by an installer), but runtime instructions still ask the user/agent to change a local settings file.
- Credentials
- noteDeclared requirements list no env vars or credentials, which is consistent with the skill's metadata. However, SKILL.md asks to set an experimental flag in ~/.claude/settings.json (CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS) — this is a configuration change not declared in the 'required config paths' metadata and should be considered a minor mismatch. No external service credentials are requested.
- Persistence & Privilege
- noteThe skill does not request permanent presence (always:false) and uses platform-default autonomous invocation. The only persistence-like action is the instruction to edit the user's ~/.claude/settings.json to enable an experimental feature; that file-write is outside the skill package and requires user action, but it does increase the skill's runtime capabilities if performed.