Openclaw Team Builder

Warn. Audited by ClawScan on May 18, 2026.

Overview

The skill is a coherent team-orchestration guide, but it delegates behavior to unreviewed agent files and describes autonomous loops plus live trading/configuration authority without clear approval limits.

Review this skill carefully before installing. It is safest for planning/team-composition use only. Do not connect it to live trading, paid image generation, or live configuration APIs unless you add explicit approvals, read-only or staging defaults, budget/iteration limits, and verify all referenced agent-definition files.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The assistant may follow unreviewed local or reference instructions that change its role, priorities, or workflow.

Why it was flagged

The skill delegates runtime behavior to referenced agent-definition files that are not included in the provided file manifest, so their rules and provenance cannot be reviewed before the assistant adopts them.

Skill content

Read the agent definition at: reference/agency-agents-main/[division]/[agent-file].md ... Then adopt that agent's: - Identity and personality - Core mission and rules

Recommendation

Package and review the referenced agent definitions, or require explicit user confirmation before loading them; treat external role files as untrusted and subordinate to user/system instructions.

What this means

The assistant could continue running experiments, changing parameters, consuming resources, or pursuing optimization after the user expected it to stop.

Why it was flagged

The Research Lab methodology explicitly instructs an autonomous indefinite loop, which is not bounded by a maximum number of iterations, cost, time, or per-change user approval.

Skill content

Never stop — the loop runs until manually interrupted; the agent is fully autonomous

Recommendation

Require a user-set time/iteration budget, explicit stop conditions, and approval before any persistent or long-running experiment loop begins.

What this means

If connected to a real IG trading environment, the assistant could access sensitive financial/account data or affect live positions.

Why it was flagged

The skill describes account-level trading data and transaction authority, but the registry metadata declares no credential requirements and the instructions do not clearly bound permissions, approvals, or read-only mode.

Skill content

Live market data access (prices, account balance, P&L, margin) ... Scalper bot control ... Trade execution and position management

Recommendation

Use paper trading or read-only access by default, declare required credentials and scopes, and require explicit human approval before any trade, bot-control, or account mutation.

What this means

An optimization loop could push a bad configuration into a live system, including trading strategies, after a misleading metric improvement.

Why it was flagged

The workflow allows experiment results to be written to live configuration through an API, but the artifact does not specify a mandatory human approval gate, rollback process, or containment boundary before live promotion.

Skill content

Winning configurations get promoted to live via the Config Write API

Recommendation

Require explicit user approval, staging/paper validation, rollback instructions, and change diffs before any live config write.

What this means

Task context, trading details, creative prompts, or other user data may be shared between agents more broadly than the user expects.

Why it was flagged

Inter-agent messaging is central and disclosed, but the artifact does not define identity checks, recipient permissions, or data-sharing boundaries for messages sent among agents.

Skill content

Agents communicate through OpenClaw's `sessions_send` mechanism ... Any agent can reference team-builder skill to propose specialist activation

Recommendation

Limit `sessions_send` to trusted named agents, avoid sending sensitive data unless needed, and add explicit origin/permission checks for cross-agent handoffs.