@openclaw/orchestration

The skill is classified as suspicious due to multiple critical and high-severity vulnerabilities identified in the `CODEX_REVIEW.md` and confirmed by analysis. These include race conditions and lack of transactional integrity in `src/queue.js` (e.g., `claimTask`, `createTask`, `completeTask`, `failTask`), potential database corruption during restore in `src/backup.js`, and a failure to enforce `max_concurrent` limits in `src/queue.js`. While these issues could lead to data inconsistency, operational failures, or bypass of intended controls, they do not demonstrate clear evidence of intentional malicious behavior such as data exfiltration, backdoors, or unauthorized remote code execution. The `SKILL.md` and `README.md` do not contain prompt injection attempts with harmful objectives.