Agent Avengers
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its multi-agent orchestration purpose, but it delegates work broadly across agents/profiles and generates unsafe tool-command text that should be reviewed before use.
Install only if you are comfortable with broad multi-agent delegation. Before running generated commands, review them carefully, avoid sensitive data unless profiles/agents are trusted, restrict which profiles can receive tasks, and consider changing spawned-agent cleanup from keep to delete.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or malformed task/subtask could cause the agent or user to run a different spawned-agent or send-agent command than intended.
The generated OpenClaw command embeds task text directly inside a JavaScript template literal. Because that task text ultimately comes from mission/subtask content, backticks or template syntax could alter the generated tool command if executed.
"code": f"""sessions_spawn({{\n task: `{cmd_info['params']['task']}`,
Generate structured tool calls instead of executable text, or strictly escape backticks/template syntax and require user review before running generated sessions_spawn or sessions_send commands.
Task details, possibly including sensitive context, may be delegated to other local profiles or bots with different settings, tools, memories, or skills.
The skill explicitly supports sending task content to other OpenClaw profiles/bot instances, but the artifacts do not define authentication, identity checks, per-profile permission boundaries, or what data may be shared.
sessions_send({
  sessionKey: "research-bot:main", // profile:session
  message: "심층 리서치 요청: X",
Use an explicit allowlist of trusted profiles/agents, confirm before sending sensitive tasks, and document what data each profile can receive and what tools it may use.
Temporary subagents and their context may remain available after the mission, increasing the chance of stale context, unintended reuse, or leftover agent state.
Generated spawned-agent parameters keep sessions after completion for result inspection, while the documentation emphasizes temporary agents and cleanup. This retention is not clearly surfaced as the default operational behavior.
"cleanup": "keep", # keep for checking results
Default spawned agents to cleanup/delete unless the user opts in to keeping them, and clearly show retained sessions and how to remove them.
Agent outputs and task results may remain in local mission reports and could be over-trusted or reused later.
The consolidation step copies raw agent output into a persistent final report file. This is purpose-aligned, but it preserves subordinate-agent text and could carry untrusted instructions or sensitive task data forward.
report += r["content"]
...
with open(output_path, "w") as f:
    f.write(report)
Treat subagent outputs as untrusted, avoid including secrets in tasks, and review or delete mission reports when they are no longer needed.
