Openclaw Coworker Prompts

Pass

Audited by ClawScan on May 10, 2026.

Overview

This is an instruction-only prompt pack with no code or credentials, but users should be careful because it recommends creating tool-enabled agents with broad abilities like exec, read, edit, web, and memory.

This prompt pack appears safe to install as text-only content, but do not give every generated agent exec, read, edit, web, or memory by default. Use least-privilege tools, supervise high-impact domains like healthcare/legal/finance/DevOps, and re-review any future version that adds code, credentials, or install scripts.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you create agents from these prompts and grant broad tools, those agents may be able to run commands, read data, or edit files while completing tasks.

Why it was flagged

The prompt pack recommends broad tool access for agents created from its prompts. This is disclosed and user-directed, but exec/read/edit can affect local files or systems if granted too broadly.

Skill content

allowed-tools: [exec, message, memory, web_search, web_fetch] ... Assign relevant tools (web, code, exec) ... Enable tools: `exec`, `web_search`, `read`, `edit`.

Recommendation

Grant only the minimum tools needed for each agent, require confirmation for exec/edit or production-impacting actions, and avoid connecting these prompts directly to sensitive systems without supervision.

What this means

Sensitive details shared while building or using coworker agents could be retained if memory is enabled by the platform or user.

Why it was flagged

The skill declares access to memory, which could persist context if used. The artifacts do not show automatic memory writes, but the purpose and retention boundaries are not described.

Skill content

allowed-tools: [exec, message, memory, web_search, web_fetch]

Recommendation

Disable memory for agents that handle private, medical, legal, financial, or credential-related information unless you have clear retention and deletion controls.

What this means

You have less external context for who maintains the prompt pack or where to audit updates.

Why it was flagged

The package has no verified source or homepage in the supplied metadata, which makes provenance harder to assess even though there is no runnable code or install script.

Skill content

Source: unknown
Homepage: none

Recommendation

Review the prompt text before use, prefer verified sources for future updates, and treat any later version that adds code or install steps as needing a fresh review.