ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Firm Orchestration

v1.0.0

Pyramid multi-agent orchestration for OpenClaw: routes objectives from a CEO agent down through departments, services and employees via sessions_send / sessi...

0· 400·1 current·1 all-time
by@romainsantoli-web
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (pyramid multi-agent orchestration) matches the instructions and the declared tools (sessions_list, sessions_spawn, sessions_send, sessions_history). No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
SKILL.md stays within orchestration boundaries (dispatch, spawn, collect, merge, deadlines, handoff schema). It references platform artifacts like reply_session and memory:delivery/latest which are appropriate for an A2A orchestration skill. One operational note: Phase 6 (Git checkpoints / PR policies) implies interactions with an external VCS workflow — the skill does not request credentials, so the actual ability to create/label/reject PRs depends on the permissions of the sessions it orchestrates. Confirm that those sessions are restricted and that no session has unchecked external write privileges.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing will be written to disk or fetched during install.
Credentials
No environment variables, secrets, or config paths are requested. The skill's behavior relies on platform session tooling rather than external credentials, which is proportionate to its stated purpose.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not request persistent presence or system-wide configuration changes.
Assessment
This skill appears coherent and performs only in-platform orchestration using sessions tools. Before installing: 1) Ensure the platform-level session tools (sessions_send/spawn/history) are trusted and limited to intended permissions. 2) Confirm which sessions have access to external systems (GitHub, deployment APIs) because Phase 6 describes PR/commit policies but the skill does not request credentials — those actions will depend on session permissions. 3) Monitor orchestration runs initially (spot-check replies, spawned sessions, and any external side effects) and enforce human review for final outputs and any repository merges. The Dogecoin address is just an optional donation and not functionally required.

Like a lobster shell, security has layers — review code before you run it.

latestvk970ncqgkvm6wxykqf7rgzvy1d822qf7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments