Agent Avengers

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: agent-avengers
Version: 1.0.0

The OpenClaw AgentSkills bundle 'agent-avengers' is designed for multi-agent orchestration, task decomposition, and result integration. The `SKILL.md` and Python scripts (`assemble.py`, `execute.py`, `consolidate.py`, `monitor.py`) primarily utilize OpenClaw's native `sessions_spawn` and `sessions_send` APIs to manage sub-agents and their tasks. The scripts operate within a dedicated workspace (`~/.openclaw/workspace/avengers-missions`), creating and managing mission-specific files and directories. While the skill involves powerful capabilities like spawning agents and inter-profile communication (e.g., `localhost:3001` gateways), these are aligned with its stated purpose. There is no evidence of intentional harmful behavior such as data exfiltration, unauthorized remote execution, persistence mechanisms, or prompt injection attempts against the analyzing agent itself. The generated prompts for sub-agents direct them to save outputs to controlled paths within the mission workspace.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious or malformed task/subtask could cause the agent or user to run a different spawned-agent or send-agent command than intended.

Why it was flagged

The generated OpenClaw command embeds task text directly inside a JavaScript template literal. Because that task text ultimately comes from mission/subtask content, backticks or template syntax could alter the generated tool command if executed.

Skill content

"code": f"""sessions_spawn({{\n  task: `{cmd_info['params']['task']}`,

Recommendation

Generate structured tool calls instead of executable text, or strictly escape backticks/template syntax and require user review before running generated sessions_spawn or sessions_send commands.

What this means

Task details, possibly including sensitive context, may be delegated to other local profiles or bots with different settings, tools, memories, or skills.

Why it was flagged

The skill explicitly supports sending task content to other OpenClaw profiles/bot instances, but the artifacts do not define authentication, identity checks, per-profile permission boundaries, or what data may be shared.

Skill content

sessions_send({
  sessionKey: "research-bot:main",  // profile:session
  message: "심층 리서치 요청: X",

Recommendation

Use an explicit allowlist of trusted profiles/agents, confirm before sending sensitive tasks, and document what data each profile can receive and what tools it may use.

What this means

Temporary subagents and their context may remain available after the mission, increasing the chance of stale context, unintended reuse, or leftover agent state.

Why it was flagged

Generated spawned-agent parameters keep sessions after completion for result inspection, while the documentation emphasizes temporary agents and cleanup. This retention is not clearly surfaced as the default operational behavior.

Skill content

"cleanup": "keep",  # kept so the results can be inspected

Recommendation

Default spawned agents to cleanup/delete unless the user opts in to keeping them, and clearly show retained sessions and how to remove them.

What this means

Agent outputs and task results may remain in local mission reports and could be over-trusted or reused later.

Why it was flagged

The consolidation step copies raw agent output into a persistent final report file. This is purpose-aligned, but it preserves subordinate-agent text and could carry untrusted instructions or sensitive task data forward.

Skill content

report += r["content"]
...
with open(output_path, "w") as f:
    f.write(report)

Recommendation

Treat subagent outputs as untrusted, avoid including secrets in tasks, and review or delete mission reports when they are no longer needed.