ClawHub
Back to skill
v1.0.0

hierarchical-coordinator

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 12:41 PM.

Analysis

This is a code-free coordination skill; its main risk is that it may route work across multiple agents, so downstream actions should stay user-approved and reviewed.

GuidanceThis skill appears safe to install as an instruction-only coordinator. Before using it on real projects, make sure each delegated agent receives only needed context and that a human reviews any broad code changes, deployments, purchases, payment work, or crypto-related actions.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Cascading Failures
SeverityLowConfidenceHighStatusNote
SKILL.md
Parallel subtask execution

The skill intentionally coordinates parallel work and cross-domain dependencies, which can allow one mistaken subtask result to affect later tasks if not reviewed.

User impactAn error from one delegated task could influence other files, domains, or follow-on work.
RecommendationUse checkpoints and user review before applying broad code changes, deployments, financial actions, or other high-impact results.
Tool Misuse and Exploitation
SeverityInfoConfidenceMediumStatusNote
metadata
Capability signals: crypto; can-make-purchases

The registry signals mention high-impact areas, but the provided artifacts do not show purchase-capable tools, credentials, or executable code. This is a notice to require explicit approval if such workflows arise.

User impactIf the coordinator is used for payment, purchasing, or crypto-related tasks, downstream agents could affect sensitive business workflows.
RecommendationRequire explicit user confirmation before any financial, purchase, or crypto-related action; treat the signal as supervision guidance, not evidence of automatic execution.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
delegating to specialized agents at each level, and aggregating results bottom-up

The skill is designed to pass task context and results between multiple agents. That is central to its purpose, but users should be aware of data-sharing boundaries between delegated agents.

User impactProject context may be shared with downstream specialist agents during coordination.
RecommendationShare only the information each sub-agent needs, and review aggregated results before acting on them.