OMNI — All-In-One Master Skill
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill does not show clear malware, but it gives the agent very broad command, account, memory, and self-updating authority without tight scope controls.
Install only if you want a very broad general-purpose router skill. Before using it, set rules that it must ask before running commands, changing accounts/files, spawning sub-agents, scheduling background work, posting/sending messages, or writing persistent memory.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may take actions based on assumptions instead of asking you first, especially on broad or unclear tasks.
The skill tells the agent to proceed by filling gaps and executing on ambiguous requests, which can override the user's actual intent when the skill also covers high-impact actions.
Don't ask "What do you mean?" — instead, infer intent and state your interpretation ... Raw Input → Classify Intent → Fill Gaps → Clarify Scope → Execute
Require clarification or explicit confirmation before any external, mutating, costly, public, destructive, or account-affecting action.
A mistaken or over-broad command could change files, repositories, or connected services.
Broad shell execution and repository mutation are purpose-aligned for coding work, but the instruction is not bounded to a project path, dry-run mode, or explicit approval for high-impact commands.
Use `exec` to run any CLI tool ... `git add`, `git commit`, `git push` for changes
Constrain command execution to user-approved paths and require confirmation before commits, pushes, installs, deploys, deletes, or privileged/system changes.
If connected account tools are available, the agent may be able to act through your accounts.
The skill documents account-level actions on communication platforms. This is aligned with its broad purpose, but users should notice that public posting, DMs, and follower changes depend on delegated account authority.
X (Twitter) ... Post tweets, replies, quotes ... DMs, media upload ... Follower management
Only connect accounts you intend this skill to use, and require approval before sending messages, posting publicly, uploading media, or changing followers/settings.
Private context, preferences, file details, or operational history could be retained and reused in later tasks, and bad memory entries could influence future behavior.
The memory system is broad and persistent, with no clear retention limit, path boundary, review flow, or exclusion list beyond general safety language.
Remember everything. Log decisions, errors, patterns, and context ... Every Session ... User preferences observed ... Commands that worked (and didn't)
Limit what is written to memory, exclude sensitive data by default, provide user-visible memory review/deletion, and avoid treating memory as authoritative without verification.
Sub-agents may receive task context or affect files/tools in ways that are harder for you to supervise.
The skill encourages delegation to other agents and autonomous coding tools, but the provided artifacts do not define what context is shared, how identity/permissions are bounded, or how outputs are audited.
Use `coding-agent` skill for complex coding tasks ... Spawn sub-agents for parallel work via `sessions_spawn` ... Kilo CLI for autonomous terminal coding: `kilo run --auto "task"`
Ask before spawning agents, minimize shared context, set time/tool limits, and summarize sub-agent actions before applying changes.
The agent's future behavior could drift over time due to self-updated instructions or accumulated error rules.
The skill instructs the agent to modify persistent skill/reference guidance based on experience, which can change future behavior without a clear approval, audit, or rollback process.
After Each Error ... Update relevant skill/reference if systemic ... Protocol Evolution ... Update brain.md when new patterns emerge
Require explicit user approval for modifying skill files or persistent protocols, keep versioned change logs, and provide an easy rollback path.