Employee

The skill bundle defines a system for managing AI sub-agents ('employees') with powerful capabilities, including the ability for 'autonomous' employees to 'Spawn Agents', 'Send External' communications, and 'Modify Files' (documented in `autonomy.md`). While these capabilities are gated by explicit permissions and user approval, they represent significant security risks if misused or misconfigured. Additionally, the `clawhub` skill linking mode (mentioned in `employee-template.md`, `lifecycle.md`, `routing.md`) introduces a supply chain vulnerability, as it allows fetching and executing external skills from a remote source, which could potentially be malicious. There is no evidence of intentional malicious behavior within this skill bundle itself, but its design incorporates high-risk functionalities and potential vectors for exploitation.