Skill v1.0.0

ClawScan security

Agent Orchestrate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 21, 2026, 3:43 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only reference for orchestrating sub-agents and its requested capabilities (none) match its stated purpose; nothing in the instructions appears disproportionate or unrelated.
Guidance
This skill is a documentation/reference pack for orchestrating sub-agents and is internally coherent. Before installing:
(1) Confirm your OpenClaw environment provides the referenced primitives (sessions_spawn, subagents, sessions_send, sessions_history); otherwise the instructions are only theoretical.
(2) Be aware that orchestrations write local state/checkpoint files (e.g., orchestration-state.json, pipeline-state/). Avoid storing secrets in those files and ensure appropriate file permissions.
(3) Orchestrations may spawn many subagents and incur compute/costs; test with quotas/limits in a sandbox.
(4) Because it is instruction-only and platform-dependent, review how subagents interact with external services (tasks you spawn may cause those subagents to call external APIs); limit agent permissions if you want to constrain blast radius.
Overall this appears to be a benign, proportionate reference guide.

Review Dimensions

Purpose & Capability
ok
Name/description (multi-agent orchestration) matches the instructions. All referenced operations are orchestration primitives (sessions_spawn, subagents, sessions_send, sessions_history) and local state files; there are no unrelated binaries, credentials, or external endpoints required.
Instruction Scope
ok
SKILL.md contains pseudocode and patterns for spawning, polling, steering, killing, and collecting results, and for persisting orchestration state to local JSON/files. It does not instruct reading arbitrary system files, accessing unrelated environment variables, or sending data to unknown external endpoints. Human-in-the-loop messaging is limited to platform primitives (sessions_send).
Install Mechanism
ok
No install spec and no code files beyond documentation — instruction-only. This is the lowest-risk install model (nothing is downloaded or written by an installer).
Credentials
ok
The skill declares no required environment variables, credentials, or config paths. The instructions also do not reference hidden secrets or external service keys. This is proportionate for a coordination/reference skill.
Persistence & Privilege
ok
always:false and no requests to modify other skills or global agent settings. The skill suggests the agent may spawn subagents (normal for orchestration); autonomous invocation is allowed by platform default but the skill itself does not demand elevated persistence or cross-skill access.