ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Orchestrator

v0.1.0

Meta-agent skill for orchestrating complex tasks through autonomous sub-agents. Decomposes macro tasks into subtasks, spawns specialized sub-agents with dynamically generated SKILL.md files, coordinates file-based communication, consolidates results, and dissolves agents upon completion. MANDATORY TRIGGERS: orchestrate, multi-agent, decompose task, spawn agents, sub-agents, parallel agents, agent coordination, task breakdown, meta-agent, agent factory, delegate tasks

28· 10.9k·104 current·114 all-time
by@aatmaan1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to be a meta-orchestrator which legitimately needs to create and coordinate sub-agents. However, SKILL.md references helper scripts (python3 scripts/create_agent.py and scripts/dissolve_agents.py) that are not included in the package and no install or dependency is declared. The templates grant sub-agents broad capabilities (WebFetch, Bash, Read) without describing required constraints — this is disproportionate without explicit guardrails.
!
Instruction Scope
The runtime instructions instruct generating SKILL.md for sub-agents, writing inbox/outbox/status files, and spawning agents via the platform Task(...) call. Sub-agent templates explicitly allow reading local files, running Bash, and fetching the web. The communication protocol states the agent's workspace is 'private' and 'orchestrator ignores' it, which creates an avenue for hiding outputs or exfiltration. The orchestrator's guidance to 'prefer broader, autonomous tasks' and 'minimal monitoring' widens the agent's discretion.
Install Mechanism
This is instruction-only (no install spec), which limits on-disk payload risk. However, referenced scripts (create_agent.py, dissolve_agents.py) are absent from the bundle, an inconsistency that must be resolved before use — either those scripts exist elsewhere on the host or the instructions won't work as written.
Credentials
The skill requests no environment variables or credentials (proportionate). Nevertheless, the templates allow sub-agents to read local files and run shell commands; that capability could be used to access secrets on disk or environment variables if the orchestrator or host environment exposes them. The skill does not declare or constrain that risk.
!
Persistence & Privilege
always:false (good) and autonomous invocation is the platform default. But the orchestrator spawns new agents dynamically with 'general-purpose' type and minimal monitoring patterns; combined with private agent workspaces that the orchestrator 'ignores', this gives spawned agents the practical ability to persist or hide data. No explicit lifecycle/permission constraints for spawned agents are provided.
What to consider before installing
Before installing or using this skill, consider the following: 1) Source and provenance: the skill has unknown source and no homepage — prefer skills from known, auditable authors. 2) Missing helper scripts: SKILL.md references scripts/create_agent.py and scripts/dissolve_agents.py that are not included — verify where these live and audit them. 3) Least privilege: require narrow capabilities for spawned agents (disable Bash/WebFetch if not needed) and restrict sub-agent tools to only what's necessary. 4) Inspect generated SKILL.md at creation time: ensure templates cannot be modified to perform unintended actions. 5) Do not expose sensitive files or credentials: avoid copying secrets into agent inboxes; treat all inbox content as potentially leaked by autonomous agents. 6) Monitoring & human-in-loop: enable stricter monitoring, require human approval before spawning many agents, and limit parallelism. 7) Audit workspaces: change the 'orchestrator ignores workspace' rule — ensure the orchestrator can inspect per-agent workspaces or add integrity checks to detect hidden outputs. 8) Test in a sandbox: run the orchestrator in an isolated environment with limited network and filesystem access first. If you need help designing safe guardrails (ACLs, runtime constraints, logging), get those defined before deploying.

Like a lobster shell, security has layers — review code before you run it.

latestvk973ak59nsy4h3tas7mk134k1x809gcj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments