Multi-Agent Orchestrator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill is transparent about coordinating multiple agents, but users should review each orchestration plan because it can direct agents to read, edit, test, and run commands across a codebase.
This skill appears safe to install as an instruction-only guide, but use it deliberately: run it on a branch, ask for a clear execution plan, limit tools and files per agent, review .orchestrator outputs, and require confirmation before Bash commands, deployments, or broad code changes.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You have limited independent provenance for where the skill instructions came from, but there is no runnable package in the supplied artifacts.
The registry metadata does not provide a source repository or homepage. Because this is instruction-only with no install script or code files, this is a provenance note rather than a concern.
Source: unknown
Homepage: none
Review the included SKILL.md and templates before use, and prefer a trusted publisher or source link for production workflows.
A poorly scoped run could edit many project files or run commands you did not intend.
The skill documents worker agents with file modification and shell-command capabilities. This is expected for codebase orchestration, but it is high-impact if applied without clear file, command, and budget limits.
coder:
  tools: [Read, Write, Edit, Bash, Grep, Glob]
Before execution, require the agent to show the agent count, exact files each agent may modify, allowed commands, budget, timeout, and confirmation gates for Bash, deployment, or destructive actions.
Incorrect or sensitive intermediate outputs may be reused by later agents and remain on disk after the workflow.
The templates intentionally pass outputs between agents through local files. This is coherent with the orchestration purpose, but it means one agent's output can influence later agents and may contain project-sensitive context.
Agents pass context via intermediate files to avoid token bloat:
.orchestrator/
  pipeline-config.json
  stage-1-generate-output.md
  stage-2-review-output.md
Keep .orchestrator files inside the intended project, review important intermediate outputs, and delete them when they contain sensitive material.
If the plan is wrong, multiple files or stages may be affected before the final review catches the issue.
Parallel agents can create conflicts or propagate mistakes across a shared codebase. The template includes containment mechanisms such as file locking, dependencies, budgets, and quality gates, so this is a managed note rather than a concern.
Multiple agents work on the same codebase simultaneously with dependency-aware scheduling, file locking, and budget enforcement.
Use version control, run on a clean branch, inspect the dependency graph before execution, and require human approval before merging, deploying, or applying broad edits.
