OpenClaw Subagent Toolset
v1.0.0Provides predefined constrained tool subsets for spawning sub-agents tailored to task types like Explore, Plan, Verification, Coding, and Secretary.
⭐ 0· 7·0 current·0 all-time
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (providing constrained tool subsets for sub-agents) matches the content: SKILL.md is purely guidance on allowed/forbidden tools per task type. However the package has no homepage/source and is instruction-only, and there are internal contradictions in the declared allowed/forbidden lists (see Instruction scope). These make the intent plausible but sloppy.
Instruction Scope
Instructions only tell agents to prepend a tool-subset prompt. They are intentionally 'soft constraints' (LLM compliance, not enforcement). Important concerns: (1) inconsistent lists — e.g., Secretary lists glob_search as both allowed and then forbidden, creating ambiguity; (2) the allowed tool set includes 'Skill' (invoke other skills), which can enable a spawned sub-agent to call other skills (potentially ones with higher privileges), effectively bypassing these soft constraints unless the platform enforces tool-level isolation; (3) guidance is open-ended and depends on the agent to follow it rather than implementing a technical sandbox.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes surface area; nothing is written to disk by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. It does not itself request secrets or external resources.
Persistence & Privilege
always is false and autonomous invocation is the default platform behavior. The skill does not request persistent system presence or modify other skills. However, because the guidance allows the 'Skill' tool and 'Coding' grants full tool access, using this skill without platform-enforced sandboxing could let sub-agents escalate privileges by invoking other skills or by ignoring the soft constraints.
What to consider before installing
This skill is largely harmless guidance for choosing tool subsets, but it has issues you should consider before installing:
- Inconsistencies: SKILL.md contains contradictions (e.g., Secretary both includes and forbids glob_search). Ask the author to fix these to avoid ambiguous behavior.
- Soft constraints: The skill relies on LLM compliance rather than enforcing sandboxing. Confirm your platform enforces tool restrictions at runtime; otherwise sub-agents could ignore the guidance.
- 'Skill' invocation risk: Allowed use of the 'Skill' tool lets a sub-agent call other skills (which may have more privileges). If you install this, ensure the platform prevents privilege escalation between skills or disallows chaining that would bypass restrictions.
- Unknown provenance: There is no homepage/source and the owner is an ID only. Prefer skills from known sources or ask for more provenance information.
- Test in a sandbox: Before using in production, test spawning sub-agents in an isolated environment and verify the platform actually enforces the allowed/forbidden tool lists.
If you need strong guarantees, require platform-level enforcement (hard sandboxing) or implement technical checks rather than relying on prompt-based guidance.Like a lobster shell, security has layers — review code before you run it.
latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Subagent Toolset - Constrained Subagent Tool Sets
Purpose
When spawning a sub-agent, select the appropriate tool subset based on task type and add it to the task prompt to constrain its behavior.
Tool Subsets
Explore
For information gathering, code reading, file analysis.
- read_file: Read file contents
- glob_search: Path pattern search
- grep_search: Content search
- WebFetch: Fetch web page content
- WebSearch: Web search
- Skill: Invoke other skills
- StructuredOutput: Structured output
Forbidden: exec, sessions_spawn, edit, write
Plan
For task breakdown, planning, scheme design.
- read_file: Read files
- glob_search: Path search
- grep_search: Content search
- WebFetch: Fetch reference material
- TodoWrite: Write task list
- SendUserMessage: Send messages
- StructuredOutput: Structured output
Forbidden: exec, sessions_spawn, edit, write
Verification
For testing, verification, result confirmation.
- bash: Execute commands (read-only verification commands only)
- read_file: Read files
- glob_search: Path search
- grep_search: Content search
- WebFetch: Fetch reference material
- TodoWrite: Record results
- StructuredOutput: Structured output
- PowerShell: Windows commands
Forbidden: sessions_spawn, edit (dangerous write operations)
Coding
For code writing, debugging, fixing.
- read_file: Read files
- write_file: Write files
- edit_file: Edit files
- glob_search: Path search
- grep_search: Content search
- bash: Execute commands for verification
- TodoWrite: Task tracking
- StructuredOutput: Structured output
- WebFetch: Fetch reference material
Full tool access (high privilege)
Secretary
For document organization, summarization, report generation.
- read_file: Read files
- glob_search: Path search
- TodoWrite: Write task list
- SendUserMessage: Send messages
- StructuredOutput: Structured output
Forbidden: exec, sessions_spawn, edit, write, glob_search, grep_search
Usage
When spawning a sub-agent, read the corresponding tool subset from this skill and prepend it to the task prompt:
You are an Explore-type sub-agent.
You may only use the following tools: read_file, glob_search, grep_search, WebFetch, WebSearch, Skill
Forbidden: exec, sessions_spawn, edit, write
[Your task follows...]
Notes
- Tool subsets are soft constraints (LLM compliance), not hard restrictions
- For dangerous operations (file deletion, config modification), explicit prohibition is required
- High-privilege tasks (Coding type) should be used with caution
Files
2 totalSelect a file
Select a file to preview.
Comments
Loading comments…