Skill v1.0.0
ClawScan security
Agent Orchestrator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 7:59 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements, instructions, and included code are consistent with an orchestrator that decomposes tasks and spawns sub-agents; it does not request unrelated credentials, install arbitrary code, or contain obvious exfiltration behavior.
- Guidance: This skill appears internally consistent with its stated purpose. Before installing, consider: (1) review or trust the repository (SKILL.md points to a GitHub repo) if you expect production use, since the code currently simulates sub-agents rather than calling a verified platform API; (2) be aware that autonomous invocation allows the skill to spawn sub-agents which can perform many actions on your behalf — ensure you trust the agent's permissions and any subsequent skills the sub-agents may call; (3) if you plan to run the bundled script in your environment, inspect it locally (it contains no network calls or secret reads) and run in a sandbox if you want extra assurance.
Review Dimensions
- Purpose & Capability (ok): Name/description (multi-agent orchestration) match the behavior described in SKILL.md and the shipped code: decomposition, spawning sub-agents, monitoring, and synthesis. The included scripts simulate sub-agent spawning and do not require unrelated credentials or binaries.
- Instruction Scope (ok): SKILL.md instructs the agent to decompose tasks, spawn sub-agents, track progress, and synthesize results; it does not direct reading of unrelated files, exfiltrating secrets, or posting to external endpoints. The example spawn payload references the platform's subagent runtime (runtime: 'subagent', streamTo: 'parent'), which is coherent for this purpose.
- Install Mechanism (ok): No install spec is provided (instruction-only), lowering install-time risk. A package.json and script are present but there is no download-from-URL or extract step. Nothing in the manifest attempts to install arbitrary remote code.
- Credentials (ok): The skill declares no required environment variables, no credentials, and no config paths. The SKILL.md and code do not attempt to read environment secrets or unrelated system configuration.
- Persistence & Privilege (ok): 'always' is false and the skill does not request persistent system-wide configuration changes. Autonomous invocation (model invocation enabled) is the platform default and appropriate for an orchestrator; no additional privileged presence is requested.
