OpenClaw Agent Orchestrator
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is aligned with creating durable OpenClaw agents, but its helper script can broadly copy workspace data and delete/recreate target folders based on unvalidated user-provided agent IDs.
Only install or run this if you intentionally want durable OpenClaw agents created or repaired. Before use, inspect the source workspace, avoid secrets in copied folders, use simple safe agent IDs, and ask for confirmation before any workspace is deleted or recreated.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or malicious agent ID could cause deletion or rewriting of unintended local directories, especially if path traversal such as '../' is accepted before the OpenClaw CLI validates the ID.
The user-provided agent ID is embedded directly into a filesystem path, then the target directory is recursively deleted if it exists. The script does not validate the ID or prove the resolved path remains inside the intended workspaces directory.
TARGET_WORKSPACE="${OPENCLAW_HOME}/workspaces/${AGENT_ID}" ... if dst.exists():
    shutil.rmtree(dst)
Validate agent IDs against a safe pattern, resolve and check that the target path stays under the intended OpenClaw workspaces directory, and require confirmation or backups before recursive deletion.
Private workspace files, saved prompts, instructions, or other runtime state could be duplicated into a durable subagent and reused later without the user realizing exactly what was copied.
By default the script recursively copies almost all files from the main OpenClaw workspace into the new durable agent workspace, with only a small skip list.
SOURCE_WORKSPACE="${5:-$OPENCLAW_HOME/workspace}" ... for current_root, dirnames, filenames in os.walk(src, topdown=True ... shutil.copy2(source_file, target_file)
Document what is copied, add exclusions for secrets and sensitive files such as .env, keys, logs, and credentials, and ask the user to choose or confirm the source workspace before copying.
Created agents and bindings may remain available after the current task and could affect future OpenClaw behavior.
The skill intentionally creates durable OpenClaw agent entries. This is disclosed and purpose-aligned, but it is persistent runtime state rather than a temporary chat-only action.
For durable subagents in this deployment, use `openclaw agents add` and verify the result.
Use it only when durable agents are actually desired, verify created agents and bindings, and provide cleanup instructions for agents that are no longer needed.
The skill may fail or behave differently depending on the local environment, and users may not realize it requires local CLI execution.
The metadata does not declare required binaries, while the included scripts depend on bash, python3, and the openclaw CLI.
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.
Declare required binaries and runtime assumptions in metadata, especially the openclaw CLI and python3.
