FIS Architecture
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s coordination purpose is clear, but it generates executable agent commands and file paths from unvalidated user-controlled text, so it needs review before installation.
Install only if you need this Discord/OpenClaw multi-agent workflow. Before using it, fix or constrain ticket ID handling, avoid executing generated sessions commands that contain untrusted task text, limit Discord bot permissions to the intended channels, and do not store secrets in FIS tickets.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted task or subtask could change the generated command and cause the agent to spawn an unintended background worker or perform an unintended follow-on action if the command is copied/executed.
The subtask text is user/agent supplied and inserted directly into an executable-looking sessions_spawn command that the output tells the agent to execute, without escaping quotes or newlines.
spawn_cmd = f"""sessions_spawn(\n agentId="{sub_agent}",\n task="{subtask_description}",\n mode="run",\n label="{sub_ticket_id}"\n)""" ... print("📋 Execute this to spawn sub-agent:")Generate structured tool calls instead of copyable code strings, or serialize/escape all arguments with a safe encoder and require confirmation before spawning agents.
A malformed ticket ID containing path separators could cause ticket update or archive operations to target JSON files outside the intended FIS ticket directory under the user's local permissions.
Ticket IDs from CLI/workflow inputs are used directly to build read/write paths, and no validation or path containment check is visible.
filepath = os.path.join(self.active_dir, f"{ticket_id}.json") ... with open(filepath, "w") as f: json.dump(ticket, f, indent=2)Validate ticket IDs against a strict pattern, reject path separators, and resolve paths to confirm they remain inside the intended ticket directories before reading, writing, or renaming.
The bots can affect Discord channels/threads where these permissions are granted.
The skill explicitly requires Discord bot permissions that allow reading thread context, posting, creating threads, and uploading deliverables.
Required Bot Permissions: Send Messages ... Create Public Threads ... Read Message History ... Embed Links ... Attach Files
Grant these permissions only to the specific forum channels needed for the workflow and review bot roles periodically.
Task details and local deliverable paths can persist across sessions and be reused by later agents.
The skill stores task descriptions, session identifiers, notes, and deliverable metadata in a persistent shared hub under .openclaw.
return Path.home() / ".openclaw" / name ... "task": task ... "source_session": source_session ... "notes": []
Avoid putting secrets in tickets or notes, and periodically archive or delete old FIS hub data if it is no longer needed.
A worker may launch a background agent whose actions are less visible than a normal thread-based task.
The skill supports background sub-agents; this is disclosed and purpose-aligned, but it is still an autonomous background workflow.
mode="run" ... print("⚠️ IMPORTANT: Sub-agent runs in BACKGROUND") ... print("- Sub-agent works silently")Use background sub-agents only for approved subtasks, keep labels/tickets traceable, and monitor their status before relying on results.