Multi-Agent Orchestrator
v1.0.0Production-grade multi-agent orchestration patterns. Decompose complex tasks into parallel subtasks, coordinate agent swarms, build sequential pipelines, and...
⭐ 0· 380·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (multi-agent orchestration) match the SKILL.md and the included templates (fan-out, pipeline, swarm, review cycle). The templates explicitly describe task decomposition, file ownership, file-locking, budget tracking and use of model types; these are expected capabilities for an orchestrator.
Instruction Scope
SKILL.md and templates instruct agents to explore the codebase, read and write files under .orchestrator and other repo paths, run stages that list tools including Bash/WebSearch/WebFetch, and produce/aggregate outputs. This is coherent for an orchestrator. However these instructions also enable reading the entire repository and executing shell commands if the host provides such tools — a high-impact capability that could expose secrets or allow destructive actions if tool permissions are not constrained.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute. No downloads or external install steps are present, which limits the on-disk attack surface.
Credentials
The skill requests no environment variables, credentials, or config paths in the registry metadata. The templates reference model names and tools but do not demand unrelated secrets. This is proportionate to its stated purpose.
Persistence & Privilege
always:false and normal autonomous invocation settings. The skill does not request permanent presence or attempt to modify other skills or system-wide config in the provided materials.
Assessment
This skill appears to do what it says (patterns and templates for multi-agent orchestration) and is instruction-only, which lowers supply-chain risk. Before installing or using it, check the following: 1) Tool permissions: confirm what host tools the agent will actually have (Read/Write/Bash/WebFetch/WebSearch). If the agent can run Bash or arbitrary web fetches, restrict those tools or run the orchestrations in a sandbox/test repo. 2) Secrets and sensitive files: do not run this against a repo that contains credentials, private keys, or PII unless you trust the environment and have strict agent tooling limits. 3) Review and approvals: require a human approval step for any pipeline that writes to production branches or runs destructive commands. 4) Budget & concurrency: the templates assume spawning many agents and include budget enforcement — set conservative concurrency and budget limits initially to avoid runaway costs. 5) Provenance: the package metadata has no homepage and an unknown source; if provenance matters, try to verify the author's claims and the cited upstream projects before relying on it in production. If you want a lower-risk test: run the orchestrator templates against a small test repository with all tool access disabled except Read, and with human-in-the-loop gating for any write or shell steps.Like a lobster shell, security has layers — review code before you run it.
agentsvk975ym97w6mtsqd253tjw43y9582r4ptlatestvk975ym97w6mtsqd253tjw43y9582r4ptmulti-agentvk975ym97w6mtsqd253tjw43y9582r4ptorchestrationvk975ym97w6mtsqd253tjw43y9582r4ptparallelvk975ym97w6mtsqd253tjw43y9582r4ptpipelinevk975ym97w6mtsqd253tjw43y9582r4ptswarmvk975ym97w6mtsqd253tjw43y9582r4pt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.