v2.0.0

Master Agent Workflow Global

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:28 AM.

Analysis

This is a coherent workflow-orchestration skill, but it asks for powerful multi-agent, file, and command capabilities and includes risky install/import patterns that should be reviewed before use.

Guidance: Install only if you want a powerful global workflow orchestrator. Before using it, inspect the installer, avoid curl-to-bash installation, import only trusted backups, restrict worker/timeout settings, and verify what shell, OpenClaw config, and reporting-channel changes it makes.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
skill.json
"tools": ["sessions_spawn", "subagents", "message", "read", "write", "exec"]

The skill requests broad worker-spawning, messaging, file, and command-execution capabilities for an arbitrary workflow orchestrator, while the registry capability signals do not surface these powers.

User impact: Installing it can give the workflow substantial ability to spawn agents and act on local files or commands for user-supplied tasks.
Recommendation: Treat this as a powerful automation orchestrator; require explicit approval for exec/read/write/subagent actions, reduce worker/time limits where possible, and ensure the registry metadata declares these capabilities.
Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
scripts/migrate.sh
echo "$value" | jq '.' > "$CONFIG_DIR/$key.json"

Configuration names from imported data are used directly in output paths, so a crafted import key containing path separators could write outside the intended config directory.

User impact: Importing an untrusted backup could overwrite or create unexpected .json files outside the intended skill configuration area.
Recommendation: Only import trusted backups, and update the migration tool to reject names containing slashes, backslashes, absolute paths, or '..' before writing files.
Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
migration-guide.md
curl -L https://clawhub.com/skills/master-agent-workflow-global/install.sh | bash

The migration guide includes a remote script piped directly to a shell without pinning, checksum verification, or an install spec tying it to a reviewed artifact.

User impact: A user following the guide could execute whatever script is served remotely at install time.
Recommendation: Download and inspect installers before running them, publish a verified install spec, and provide version-pinned checksums or signed releases.
Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
- Use of system commands (timeout, ping, sleep, etc.) is prohibited
- Use only OpenClaw safe tools

The documentation presents a strong safety claim, but other artifacts request the exec tool and provide shell-based installer and migration flows, which could make users underestimate command-execution exposure.

User impact: Users may believe the skill avoids system-command risks even though its artifacts include command execution capabilities and shell scripts.
Recommendation: Align the documentation with the actual requested tools and clearly explain when shell or exec capabilities are used.
Rogue Agents
Severity: Low | Confidence: High | Status: Note
install.sh
echo "alias maw='使用 master-agent-workflow-global'" >> "$SHELL_RC"
echo "export MAW_HOME='$INSTALL_DIR'" >> "$SHELL_RC"

The installer persistently modifies shell startup configuration to keep the global skill and shortcut available.

User impact: The skill remains integrated into future shells and OpenClaw use until those changes are manually removed.
Recommendation: Review the shell/OpenClaw config changes after installation and provide or verify a complete uninstall path.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
- Send progress reports periodically (every 10 minutes)
- Reporting channel is configurable (feishu, telegram, console, etc.)

The skill advertises periodic progress reports to external chat/reporting channels, but the artifacts do not define data boundaries or credential handling for those channels.

User impact: Task names, progress, or performance details may be sent to third-party reporting channels if configured.
Recommendation: Use a local console channel unless external reporting is intended, and document exactly what data is sent and which credentials are needed.