Team Lead
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill’s purpose is clear, but it can fan tasks out to multiple spawned agents and retain task history without clear approval, cleanup, or data-boundary controls.
Use this only if you are comfortable with a coordinator sending your task to other agents. Before using it on sensitive work, ask it to show the execution plan, recipients, and shared context first; require approval before spawning agents; monitor/stop spawned sessions; and clear any stored history after the task.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill could create extra agent sessions during a task, increasing cost, complexity, and the chance that work continues or remains available beyond what the user expected.
The dispatcher can create and register dynamic agents for subtasks. The visible artifacts do not show a corresponding approval step, TTL, session termination, or cleanup policy for those spawned agents.
const agentId = `dynamic-${subtask.type}-${Date.now()}`; ... this.registry.register(agentId, ...); ... return { type: 'spawn', agentId, ... }Require explicit user approval before spawning agents, enforce a maximum number and lifetime, and provide a clear cleanup/stop command for spawned sessions.
A large or poorly decomposed request could fan out across many agents/sessions at once, increasing cost, latency, and the impact of a bad instruction or bad subtask.
All ready subtasks in a group are dispatched together. Although the skill exposes a maxParallelAgents option, the visible execution path does not apply that cap before sending work to agents.
const groupPromises = group.subtasks.map(async (subtask) => { ... const result = await this.dispatcher.dispatch(subtask); ... }); await Promise.allSettled(groupPromises);Actually enforce maxParallelAgents, add cancellation/backpressure, and ask the user to approve large execution plans before dispatch.
Private task details or project context may be redistributed to multiple agents without the user seeing exactly what is shared with whom.
The constructed agent instruction includes serialized task context that can be sent to selected or dynamically spawned agents, but the artifacts do not define data minimization, trust boundaries, or user confirmation for which agents receive that context.
### 上下文
${JSON.stringify(input.context, null, 2)}Show the planned recipients and context before sending, redact unnecessary sensitive details, and restrict session history/context access to only what each subtask needs.
Sensitive prompts or project context could remain in the skill’s history and later influence summaries, exports, or future orchestration decisions.
The skill stores the original task and context in task history and exposes it through exportHistory. The artifacts do not clearly define retention, redaction, or user controls for potentially sensitive task content.
taskRecord = { id: taskId, originalTask: task, context, ... }; ... this.taskHistory.push(taskRecord); ... task: task.originalTaskMake history retention opt-in, redact sensitive content by default, document how long history is kept, and provide an obvious clear-history control.