v1.0.1

Orche

Benign
ClawScan verdict for this skill. Analyzed May 1, 2026, 8:22 AM.

Analysis

Orche appears to be an instruction-only orchestration skill with disclosed multi-agent, retry, and state-recovery behavior; no malicious or purpose-mismatched behavior is evidenced.

Guidance: This skill looks reasonable for structured multi-agent planning and verification. Before installing, be aware that it may share task context across agent roles, persist orchestration state locally, and continue through automatic retries. Use it with clear human approval boundaries for costly, external, or destructive actions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
metadata
Source: unknown; Homepage: none

The skill has limited provenance information, which makes independent verification of origin harder, although the provided package is instruction-only and no executable code is present.

User impact: You have less information for deciding whether to trust the skill author or project source.
Recommendation: Install only if you trust the registry listing or author, and prefer versions with a public source or homepage when available.

Rogue Agents
Severity: Low; Confidence: High; Status: Note
SKILL.md
Auto Regression: Automatically returns to Phase 2 on verification failure

The skill can continue work through automatic retry/regression loops. This is disclosed and bounded in the described workflow, but it is still autonomous behavior users should notice.

User impact: The agent may keep working through retries, which can consume time or budget and may repeat actions unless constrained by the user.
Recommendation: Set clear budget, retry, and approval limits before using it for expensive or high-impact tasks.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low; Confidence: Medium; Status: Note
SKILL.md
A sub-agent panel debates, critiques, executes, and verifies, while the watchdog monitors the entire process.

The skill is designed to share task context across multiple agent roles. This is central to its purpose, but it means user-provided information may be reused in multiple internal agent interactions.

User impact: Sensitive task details could be exposed to multiple agent roles during orchestration.
Recommendation: Avoid including unnecessary secrets in orchestrated tasks and require explicit approval before any sub-agent performs sensitive external actions.

Memory and Context Poisoning
Severity: Low; Confidence: Medium; Status: Note
SKILL.md
Session disconnection recovery | ❌ | ❌ | ❌ | ✅ State file based

State-file based recovery implies task state may persist across sessions. This is useful for orchestration continuity, but persistent state can retain sensitive task context or stale instructions.

User impact: Task details may remain in local state files after the orchestration session.
Recommendation: Review where state files are stored, avoid placing secrets in task prompts, and delete run records when they are no longer needed.