Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Team Pipeline
v1.0.0
Use when needing to coordinate multiple AI agents in parallel for code development, testing, and review
by liuchang @liuchang8877
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose (coordinate coder/tester/reviewer agents using isolated git worktrees) matches the instructions, but the SKILL.md assumes the presence of system tools (git, a 'codex' CLI) and uses absolute user paths. The registry metadata lists no required binaries or environment variables, which is inconsistent with the runtime steps that clearly need git and a 'codex' executable.
Instruction Scope
The instructions direct filesystem operations (git worktree creation under /Users/liuchang, cds into agent-specific directories) and invoke 'codex exec' with arbitrary task strings. They reference absolute paths in a specific user's home and relative paths that may access other worktrees (e.g., reviewing ../agent-coder/login.py). This grants the skill broad discretion to read/write and execute within the user's workspace and to run arbitrary commands via the 'codex' tool — actions beyond a pure orchestration description and not limited or sandboxed by the SKILL.md.
Install Mechanism
There is no install spec (instruction-only), which reduces installer risk. However, the runtime assumes external binaries (git, codex) are present and executable; the skill does not declare these requirements in the registry metadata. Because nothing is installed by the skill itself, disk-write risk from an installer is low, but runtime execution risk remains due to invoking host tools.
Credentials
The skill requires no declared environment variables or credentials, which is reasonable, but it hardcodes user-specific filesystem paths (/Users/liuchang/...) and implicitly requires access to the user's git repositories and working directories. The lack of declared binaries/env requirements while assuming access to system tools and a specific user's home is a proportionality mismatch and a usability/security concern.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does not include installation steps that would persistently modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined with other high-risk indicators here.
What to consider before installing
This skill appears to be a workflow pattern for running multiple agent roles, but it assumes host-side capabilities that it does not declare. Before installing or running it: (1) verify you have and trust the 'codex' CLI and git on your machine; (2) edit the SKILL.md/scripts to point at safe workspace paths (avoid hardcoded /Users/liuchang paths) or run in an isolated sandbox/VM; (3) inspect any 'codex exec' invocations because they execute arbitrary instructions and could run code that reads/writes files in your workspace; (4) if you intend to use this with real code, test the workflow in a disposable repository to ensure it doesn't touch sensitive data. If you need to proceed, update the skill metadata to declare required binaries (git, codex) so the capability and requirements match.
Like a lobster shell, security has layers — review code before you run it.
latest vk972cxtybbh5dt1t7hbpjmb0y9833dz8
