ClawHub

Firm Agent Orchestration Pack

v1.0.0

Multi-agent task orchestration pack. DAG-based parallel task execution and team status monitoring. 2 orchestration tools.

0· 325·2 current·2 all-time
by@romainsantoli-web
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, and the two declared tools (orchestrate and status) match: this is a pack for multi-agent DAG orchestration and monitoring. The only declared dependency (mcp-openclaw-extensions >= 3.0.0) is plausibly related to OpenClaw agent functionality.
Instruction Scope
SKILL.md is very short and only exposes tool names and a minimal usage example. It does not instruct the agent to read files, environment variables, or external endpoints, which is good, but it also provides no detail about what the tools actually do, their inputs/outputs, permissions, or side effects. The file warns 'AI-generated — human validation required.'
Install Mechanism
There is no install specification and no code files (instruction-only), so nothing is downloaded or written to disk by the skill itself — this is the lowest-risk install model.
Credentials
The skill declares no required environment variables, credentials, or config paths. There are no unexpected secrets or unrelated service keys requested.
Persistence & Privilege
always is false (normal). The skill enables orchestration of other agents; because autonomous invocation remains allowed by default, this capability increases blast radius compared with a read-only skill. That is not inherently malicious, but you should confirm what the underlying orchestration implementation can do before allowing autonomous runs.
Assessment
This instruction-only skill is coherent with its description and requests no credentials, which is good. However: (1) the SKILL.md is minimal and AI-generated — ask the publisher for documentation on what the two tools actually do (inputs, outputs, side effects, permissions). (2) Verify the referenced dependency (mcp-openclaw-extensions >= 3.0.0) — inspect that package's implementation and permissions before installing or enabling. (3) Because the skill can orchestrate agents, test it in a controlled environment and consider restricting autonomous invocation until you understand its behavior. (4) The registry entry has no homepage and an unknown source; prefer skills with verifiable authorship or auditability before using in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk971vzm5cfmjnt1tjpjscey6ns82244e

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments