Agent Team Orchestration

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local setup guide for OpenClaw multi-agent workspaces, with no evidence of hidden network access, credential theft, or destructive behavior.

Before installing, review scripts/setup-team.sh, back up ~/.openclaw/openclaw.json before editing it, use simple trusted agent IDs, and grant allowAgents only to agents you intend the main agent to spawn. Do not place secrets or private material in shared OUTPUT, KNOWLEDGE, or AGENTS.md files unless every spawned role should see it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding:
The guide instructs users to modify the global OpenClaw configuration and grant subagent-spawn permissions in the main agent. While this is framed as setup guidance, it expands agent capabilities beyond the local team workflow and can enable unintended agent creation or misuse if applied broadly in a real environment.

Missing User Warnings

Severity: Low
Confidence: 76%
Finding:
The guide tells users to edit a sensitive per-user configuration file in the home directory without warning that changes affect the user's broader agent environment. This increases the chance of accidental misconfiguration, privilege expansion, or persistent unsafe settings beyond the intended content-team use case.

Session Persistence

Severity: Medium
Category: Rogue Agent
Content (excerpt quoted from the skill):
Five design axioms:

1. **File system is the state center** — The writer's `OUTPUT/` is the single source of truth. All other roles read/write through symlinks. No API, no database, no message queue.
2. **AGENTS.md is the role definition** — Each role's responsibilities, standards, and domain knowledge live in its own AGENTS.md. Loaded automatically at spawn. No runtime configuration needed.
3. **Flow is code** — The orchestrator (main agent) is the only dispatcher. Sub-agents cannot spawn each other. Flow is controllable and predictable.
4. **Scoring is the quality gate** — The score threshold (e.g. 8.5/10) is a business bar, not a technical bar. It ensures output is shippable.
Confidence: 82%

VirusTotal

64/64 vendors flagged this skill as clean.