OrgX
Pass
Audited by ClawScan on May 10, 2026.
Overview
OrgX is a disclosed work-orchestration integration, but it relies on an external plugin and may sync work memory, use an OrgX API key, and update OrgX workflow state.
Before installing, make sure you trust OrgX and the external @useorgx/openclaw-plugin package. Do not sync MEMORY.md, daily logs, or work summaries that contain secrets or confidential data unless that is intended, and review important OrgX state-changing actions such as entity updates, cancellations, or rollbacks.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill alone is instruction-only, but using its full functionality depends on trusting the external OrgX plugin package.
The skill tells users to install or run an external plugin package, but the provided artifact set contains only SKILL.md and no plugin code for review.
```
openclaw plugins install @useorgx/openclaw-plugin
# Or via npx
npx @useorgx/openclaw-plugin
```
Install the plugin only from a trusted source, verify the package identity/version, and review the plugin permissions before use.
The integration may act within the OrgX account or workspace associated with the API key or pairing session.
The skill may authenticate to OrgX using an API key or local pairing flow. This is expected for the integration, but it is not declared as a required credential in metadata.
pair with OrgX via the live dashboard at `http://127.0.0.1:18789/orgx/live` or set `ORGX_API_KEY` in your environment
Use a scoped OrgX credential where possible and avoid sharing API keys beyond the intended local environment.
Private details in MEMORY.md or daily logs could be sent to OrgX, and returned org context may influence later agent behavior.
The skill explicitly syncs local memory or daily logs to OrgX and consumes returned OrgX context, creating a persistent context-sharing path.
`orgx_sync` — Push local memory/daily log to OrgX, receive org context back.
Review memory/log content before syncing and avoid including secrets, personal data, or confidential information unless OrgX is trusted for that data.
An agent using the integration could change task, initiative, artifact, or run state in OrgX.
The documented tools can mutate OrgX entities and run state. This is aligned with work orchestration, but the described scope is broad.
`orgx_update_entity` — Update status/fields on any entity.
`orgx_run_action` — Pause, resume, cancel, or rollback a run.
Confirm important OrgX updates, cancellations, rollbacks, or broad entity changes before allowing the agent to perform them.
Work context may be visible to other OrgX-managed agents, dashboards, or sessions depending on OrgX configuration.
The skill is designed for multi-agent orchestration and model routing, which implies sharing task context across agents or sessions.
Connect to OrgX for multi-agent orchestration... Always call `orgx_spawn_check` before spawning sub-agents
Use the integration only in OrgX workspaces where agent/session access boundaries are understood.
