Agent Hive
Review
Audited by ClawScan on May 10, 2026.
Overview
This skill is mostly transparent about creating multi-agent teams, but it grants broad peer-spawn and shared-workspace authority while some safety controls appear weaker than the documentation implies.
Before installing or using this skill, start with conservative hub-and-spoke permissions, validate any agent IDs, review the helper scripts, and do not rely on automatic budget demotion until you confirm it actually revokes allowAgents permissions in OpenClaw.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or adversarial agent id could cause the helper to create or overwrite OpenClaw-related files in unexpected locations.
The script uses the raw agent_id argument in filesystem paths without validating that it is a simple name; slashes or '..' path components could redirect created files and symlinks outside the intended agent directories.
AGENT_ID="${1:?Usage: create_agent.sh <agent_id>}"; WS="$HOME/.openclaw/workspace-$AGENT_ID"; mkdir -p "$MAIN/agents/$AGENT_ID"
Only use simple agent IDs, and add validation that rejects '/', '..', absolute paths, empty strings, and unusual characters before using the value in paths.
Users may believe budget governance hard-stops peer spawning when the provided implementation appears to be advisory unless agents voluntarily follow the demoted status.
This claims automatic privilege loss, but the included budget_audit.py demotion logic only sets BUDGET.json status and writes logs; the artifacts do not show automatic edits to openclaw.json allowAgents or a gateway restart to revoke mesh permissions.
3 consecutive overbudget days → automatic demotion (loses mesh spawn privileges)
Treat demotion as advisory until verified, or implement a hard enforcement step that removes allowAgents permissions and restarts the gateway after human-visible approval.
Agents may spend tokens and initiate peer work without a human approving each individual spawn.
The skill deliberately expands delegated spawn permissions so agents can call other agents. This is central to the skill, but it is a significant permission change.
Full mesh with budget (recommended) ... All agents can spawn peers ... "subagents": { "allowAgents": ["<all other agent ids>"] }
Start with hub-and-spoke or earned mesh, approve allowAgents changes explicitly, and monitor token spend and agent activity after enabling full mesh.
Content written by one agent can influence other agents later, and sensitive user or project context may be visible to every agent in the hive.
The design shares persistent memory, user/profile files, tools, scripts, skills, projects, and content across agents through symlinks.
MEMORY.md, TOOLS.md, USER.md, IDENTITY.md ← shared brain ... everything else ← SYMLINKS to main workspace
Review shared files regularly, avoid putting unnecessary secrets in shared memory, and consider per-agent isolation for sensitive projects.
Incorrect or poisoned messages in shared inbox/outbox files could be treated as trusted agent output.
Inter-agent communication is file-based and purpose-aligned, but trust and origin boundaries depend on local directory conventions rather than a clearly described authentication or integrity mechanism.
Communication rules (INBOX/OUTBOX pattern) ... Each writes to their OUTBOX.md ... Orchestrator collects results and synthesizes
Keep agent message directories access-controlled, label message origin clearly, and have the orchestrator verify important outputs before acting on them.
Users need to inspect and run the helper scripts deliberately rather than assuming the skill is only documentation.
The registry context has limited provenance and says there is no install spec even though runnable helper scripts are included. The scripts are visible in the artifacts, so this is a review note rather than hidden code.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; Code file presence: 2 code file(s)
Review the included scripts before use and prefer installing skills from sources with clear provenance and version history.
