Spawn Subagent

Advisory

Audited by VirusTotal on Apr 2, 2026.

Overview

Type: OpenClaw Skill
Name: spawn-subagent
Version: 1.0.1

The skill bundle provides documentation and usage patterns for a 'subagent spawning' capability, intended to delegate long-running tasks to isolated sessions. The instructions in SKILL.md and the deprecation notice in DEPRECATED.md focus on operational efficiency, error handling, and cost management, using legitimate examples such as file summarization and calendar/email management via CLI tools. No evidence of malicious intent, data exfiltration, or harmful prompt injection was identified.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A subagent can continue working while the main session moves on, which may consume resources or perform delegated actions until it completes or times out.

Why it was flagged

The skill's core function is to start a separate subagent for delegated work. This is disclosed and bounded by recommended timeouts, so it is a usage note rather than a concern.

Skill content
sessions_spawn(... mode="run", runtime="subagent", runTimeoutSeconds=300)
Recommendation

Use subagents only for clearly scoped tasks, always include a timeout, and avoid delegating sensitive or irreversible actions unless the user explicitly asked for them.

What this means

Sensitive paths, environment variable names, API endpoints, or generated outputs could be shared with the spawned subagent and written to disk.

Why it was flagged

The instructions explicitly pass task context, locations, and outputs between the main agent and a subagent. This is expected for delegation, but users should be aware of the data boundary it creates.

Skill content
Where inputs are — file paths, env vars, API endpoints ... What to output — exact format and save location
Recommendation

Pass only the minimum context needed, avoid including secrets in the task description, and write outputs to scoped temporary locations.

What this means

If used as shown, a subagent may read email and calendar data for the selected account.

Why it was flagged

One example delegates calendar and email reads through an account-scoped CLI. That is coherent for a daily briefing workflow, but it uses delegated account access.

Skill content
GOG_ACCOUNT=owner@company.com gog calendar events ... gog gmail search 'is:unread newer_than:1d'
Recommendation

Confirm the intended account and query scope before using account-backed examples, and require explicit approval for any sending, deletion, or other account mutation.

What this means

Failure logs may preserve sensitive filenames, task details, or error output for later sessions.

Why it was flagged

The failure-handling instructions create a persistent local record. This is useful for troubleshooting, but persistent logs can retain task context.

Skill content
Log the failure: append to `.learnings/ERRORS.md`.
Recommendation

Do not log secrets or sensitive content, and periodically review or delete `.learnings/ERRORS.md` if it may contain private data.