Agent Team Orchestration 1
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: agent-team-orchestration-1 Version: 1.0.0 The skill bundle provides a well-structured framework for multi-agent orchestration, focusing on roles (Orchestrator, Builder, Reviewer), task lifecycles, and communication protocols. It implements standard software engineering practices such as spec-build-review cycles and workspace isolation. No indicators of malicious intent, data exfiltration, or harmful prompt injections were found across the documentation or instructions (SKILL.md, references/*.md).
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The publisher identity and package lineage are less clear than ideal.
The embedded metadata differs from the registry metadata supplied for review, which lists owner ID kn7ahjkvm4k6kfc2tkfrhen4px82a35s and slug agent-team-orchestration-1. This is a provenance/packaging inconsistency, though no executable code is present.
"ownerId": "kn77yy30hx6jk3x3j2dwc9tj3d808mp4", "slug": "agent-team-orchestration"
Verify the publisher/source before relying on the skill, especially if future versions add code, install steps, or credentials.
Information placed in shared directories or agent workspaces may be visible to more agents than expected.
The recommended access model gives the orchestrator broad visibility and allows all agents to read shared directories. This is expected for orchestration but expands the trust boundary.
Agents can read any shared directory - Orchestrator can read all workspaces for oversight
Keep secrets and unrelated private data out of shared workspaces, and define least-privilege access rules for each agent role.
Incorrect or tampered shared instructions could steer future agents in the wrong direction.
SOUL.md files and shared decision/spec/artifact directories are persistent context that later agents may trust. This is central to the skill, but stale or unauthorized edits could influence future tasks.
Each agent gets a SOUL.md that defines: 1. **Role and scope** 2. **Communication style** 3. **Boundaries** 4. **Team context**
Restrict who can edit persistent agent instructions and shared decision files, and review them when behavior changes unexpectedly.
Messages or artifacts sent to the wrong session or shared path could expose context or disrupt another agent’s work.
The skill describes direct inter-agent messaging and shared-file coordination. It also provides usage boundaries, so this is a purpose-aligned note rather than a concern.
sessions_send (Sync — Urgent) Direct message to a running agent session. Interrupts their current work.
Verify target sessions and artifact paths before sending, and prefer shared files for auditable handoffs as the skill recommends.
If implemented without limits, scheduled agent dispatch could consume resources or start work without enough human review.
The playbook includes optional scheduled operations that can assign work and spawn agents. This is disclosed and aligned with sustained orchestration, but it should be deliberately configured.
Task Dispatch Schedule: Every few hours (or on trigger) Agent: Orchestrator 1. Check inbox for new tasks 2. Prioritize by urgency/importance 3. Match to available agents (check capabilities) 4. Assign and spawn
Use explicit schedules, concurrency limits, logging, approval thresholds for high-impact tasks, and a clear way to pause or stop scheduled agents.