Agent Orchestrator
Review
Audited by ClawScan on May 10, 2026.
Overview
This skill is purpose-aligned but should be reviewed because it can create autonomous sub-agents with broad file, command, and API access without clear built-in limits.
Review this skill carefully before installing. If you use it, define a narrow workspace, approve each generated sub-agent and its tools, require confirmation before shell commands or file edits, avoid sharing secrets or broad local paths, and only provide the SkillBoss API key when external AI/search/scraping calls are intended.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sub-agents may continue working, reading, writing, or invoking tools based on generated instructions with limited human oversight.
The core workflow creates autonomous sub-agents from generated instructions and explicitly reduces monitoring, but it does not describe concrete stop conditions, per-agent approval, runtime limits, or containment.
spawns specialized sub-agents with dynamically generated SKILL.md files ... For fully autonomous agents, minimal monitoring is needed
Use only with explicit user approval for each sub-agent, fixed workspaces, runtime limits, logs, and a clear cleanup/stop procedure.
A sub-agent could modify files or run commands beyond what the user expected if the generated task instructions are too broad or flawed.
The generated Code Agent template grants broad file mutation and shell execution capabilities without an explicit requirement for per-command approval or strict confinement to a safe directory.
Tools Available - Read/Write/Edit: File operations - Bash: Execute commands, run tests
Limit each generated agent to the minimum tools needed, require approval for shell commands and file edits, and restrict writes to a dedicated workspace or outbox.
Installing or using the skill may lead agents to rely on a provider API key that grants access to a third-party service.
Some sub-agent templates require a SkillBoss API key and send authenticated requests, while the registry metadata lists no required environment variables.
requires.env: [SKILLBOSS_API_KEY] ... headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}"
Only provide SKILLBOSS_API_KEY when needed, understand what account it grants access to, and prefer scoped or revocable credentials.
The actual behavior of these helper commands cannot be verified from the provided artifacts, and users may need to supply or trust external/local scripts.
The documented workflow depends on helper scripts for creating and dissolving agents, but the supplied artifact manifest contains no scripts directory or code files to review.
python3 scripts/create_agent.py <agent-name> --workspace <path> ... python3 scripts/dissolve_agents.py --workspace <path> --archive
Review or provide the helper scripts before use, keep them in the skill package if they are required, and avoid running unreviewed scripts.
Sensitive files or outputs could be passed between agents or referenced by agents if the orchestrator includes overly broad inputs.
The file-based protocol is purpose-aligned, but agents can receive copied files or path references, and the artifacts do not describe authentication, origin checks, or strong data-boundary controls between agents.
Orchestrator copies all needed files to `inbox/` ... Large files: use references/paths instead of copies
Pass only the minimum needed files, avoid broad path references, review dependency outputs before reuse, and keep agent workspaces isolated.
