event-driven-coordinator
PassAudited by VirusTotal on May 5, 2026.
Overview
Type: OpenClaw Skill Name: ah-event-driven-coordinator Version: 1.0.0 The skill bundle contains architectural documentation and persona instructions for an AI agent to act as an event-driven systems coordinator. It describes standard patterns like Pub/Sub, Saga, and CQRS using JSON templates and markdown diagrams. There is no executable code, no evidence of data exfiltration, and no malicious prompt injection; the content is entirely focused on simulating or managing asynchronous agent workflows (SKILL.md).
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or untrusted event could cause multiple agents to start work, pause, or route tasks incorrectly.
The skill intentionally describes workflows where one event can trigger actions by multiple agents. This fits the skill purpose, but a bad or misrouted event could propagate work or pauses across agents if implemented without safeguards.
- Event-triggered agent activation - Chain reactions across agents - Conditional event routing
Use trusted event sources, clear routing filters, dead-letter handling, and human approval for high-impact downstream actions.
Incorrect or malicious event data could be saved and later influence future agent decisions.
The architecture includes an event history/store, and the instructions also describe updating local context from event payloads. Stored or reused event context can become untrusted input if event origins are not validated.
Event Store │ │ (History) │
Validate event origins and payloads, limit retention, and avoid treating stored event history as inherently trustworthy.
Cross-agent messages may share task context or influence other agents if sender identity and permissions are unclear.
The skill is explicitly about cross-agent event exchange and context synchronization. This is expected for its purpose, but implementations should define identity, origin, and data boundaries for those messages.
### Integration Events (Cross-agent) - AgentHandoffEvent - ContextSyncEvent - DependencyResolvedEvent
Require authenticated event sources, explicit subscriber permissions, and clear limits on what context can be shared between agents.