Back to skill
Skillv1.0.0
ClawScan security
Agency Orchestrator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 31, 2026, 2:12 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code mostly matches its orchestration purpose, but embedded files contain a hardcoded import of user-specific paths and an integration script that persistently modifies your shell/profile — these are incoherent or risky and merit review before installing.
- Guidance
- This package generally implements an agent-orchestration feature that matches its description, but there are two things you should check before installing or running anything: (1) open collaborative_mode.py — it inserts hardcoded absolute paths (/Users/ghq/...) and imports an external collaborative_agents module. If those paths exist on your machine they could cause arbitrary code execution when that module is imported; if they don't exist the import will fail. Consider removing or sandboxing this file or at least removing the hardcoded sys.path inserts. (2) inspect integrate_with_clawx.sh before running: it will edit your ~/.bash_profile (adding AGENCY_DIR and PATH entries) and write to ~/.openclaw/openclaw.json to enable the skill. Back up those files first, and run the script only after reviewing/modifying it to match your environment. Also manually inspect any agent .md files placed under ~/.openclaw/agency-agents-zh for unexpected content. If you want higher assurance, run the skill in a disposable account/container or ask the author for clarification about collaborative_mode.py and why it needs to import from /Users/ghq.
Review Dimensions
- Purpose & Capability
- noteThe name/description (multi-agent orchestrator) aligns with the provided Python modules: scanning ~/.openclaw/agency-agents-zh for agent .md files, analyzing tasks by keywords, selecting agents, and logging interactions. However, some included files (collaborative_mode.py) reference external modules and absolute user-specific paths that are not explained by the skill's description.
- Instruction Scope
- concernSKILL.md and README consistently reference config and log files under ~/.openclaw/agency-agents-zh which matches the code. But the repository contains a module (collaborative_mode.py) that inserts hardcoded absolute paths (/Users/ghq/...) into sys.path and imports CollaborativeAgentSystem from an external module — this causes the skill to reach into arbitrary user directories and execute code outside the skill bundle if that file is run/imported. The provided integrate_with_clawx.sh script also edits your ~/.bash_profile and openclaw.json to enable the skill, which is a persistent, privileged operation not described in a way that highlights risk.
- Install Mechanism
- okThere is no automatic install spec; the skill is instruction/code-only. No remote downloads or archive extraction are performed by the package itself. The only installation helper is an included shell script (integrate_with_clawx.sh) that edits local config files and shell profile — it must be run manually.
- Credentials
- okThe skill declares no required environment variables or credentials and the code does not attempt to read secrets. The integrate script adds an AGENCY_DIR environment variable to ~/.bash_profile and adds that directory to PATH, which is reasonable for convenience but unnecessary for core functionality and increases persistence surface.
- Persistence & Privilege
- notealways is false and the skill does not demand autonomous invocation privileges. The integrate_with_clawx.sh script will (if run) modify your ~/.bash_profile and enable the skill in ~/.openclaw/openclaw.json, creating persistent changes and adding the agency directory to PATH; this is a significant local change and should be reviewed before execution.