Team Lead
v1.0.0
Multi-Agent Orchestration Lead - Decompose complex tasks, dispatch to specialized agents, aggregate results, and ensure quality.
by Andy Tien @linux2010
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, SKILL.md instructions, config/default-agents, and the JS modules (registry, decomposer, dispatcher, aggregator, quality-checker) all align: this is an orchestrator that lists/spawns subagents and routes tasks. No unrelated env vars, binaries, or surprising dependencies are requested.
Instruction Scope
SKILL.md instructs the host agent to list agents, spawn sessions, send messages, and consult history/memory — which is expected for an orchestrator. Pre-scan found prompt-injection patterns (system-prompt-override, unicode-control-chars). In this skill those map to legitimate 'systemPrompt' fields used for dynamically spawned agents, but system-prompt content is a high-impact surface (a malicious system prompt could influence spawned agents). Review the systemPrompt text and any hidden/obfuscated characters before enabling.
Install Mechanism
No external install script or remote downloads are declared. The package contains code files bundled in the skill (no install spec), which means files will be installed by the platform but there is no third-party fetch or execution-from-URL behavior in the manifest.
Credentials
The skill declares no required environment variables or credentials. Some example snippets (in examples/docs) reference environment variables like JWT_SECRET in example application code — those are illustrative and not required by the skill itself. There are no demands for unrelated cloud credentials or secrets in the metadata.
Persistence & Privilege
always:false (normal). The skill can autonomously spawn and send to subagents (sessions_spawn, sessions_send) — this is consistent with its purpose but increases its blast radius compared to purely read-only skills. It does maintain in-skill registries and histories; it does not appear to modify other skills' configs or system-wide settings.
Scan Findings in Context
[system-prompt-override] expected: SKILL.md and config/default-agents.json include 'systemPrompt' entries for dynamically spawned agents. This is expected for an orchestrator but is a high-impact field: malicious or overly permissive system prompts can manipulate spawned agents' behavior. Inspect these strings before trusting the skill.
[unicode-control-chars] unexpected: Scanner flagged potential unicode control characters in SKILL.md. I did not find obvious obfuscation in the visible files, but presence of such chars can be used to hide prompt-injection or alter displayed text. Recommend searching the SKILL.md and config files for non-printing/control characters (e.g., U+202E, U+200F) and removing/clarifying them.
Assessment
This skill appears to implement exactly what it claims: a multi-agent orchestrator that discovers, spawns, dispatches to, and QA-checks subagents. Before installing:
1) Review the 'systemPrompt' strings in config/default-agents.json and any dynamicAgentTemplates — these determine behavior of spawned subagents and can be abused.
2) Search files for hidden/unicode control characters (scanner flagged them) and remove or verify them.
3) Treat the skill as powerful: it can spawn and instruct other agents (sessions_spawn/sessions_send). Avoid exposing sensitive secrets or private data to tasks run through this skill until you’ve audited prompts and tested in a limited environment.
4) If you plan to run it in production, consider limiting its ability to spawn agents or restricting which models/endpoints it may use, and run initial tasks that use only non-sensitive, public data.
Like a lobster shell, security has layers — review code before you run it.
