Reproduce
v1.0.4Enables an Openclaw agent to spawn sub-agents (child Openclaw instances) when a task is too large, complex, or parallel to handle alone. Use this skill whene...
⭐ 0· 93·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill is explicitly a spawner for child Openclaw agents. The included Python script, use of LiteLLM, and the manifest's provider API-key entries all align with that purpose. Asking for a provider API key (Anthropic/OpenAI/Gemini/etc.) is expected for making model API calls.
Instruction Scope
Instructions are narrowly scoped to creating child agents, enforcing a payload schema, enforcing a max-depth, and warning about sanitizing snapshots and tool permissions. This is appropriate, but be aware: progress_so_far is explicitly sent to the provider and injected into the child's context (data-exposure risk). The skill also allows passing file-access tools to children (which grants read/write access to arbitrary paths) — this is documented but a significant capability to grant and should be handled with least privilege.
Install Mechanism
The skill is instruction-only (no install spec) and includes a Python script. The manifest lists a pip dependency on litellm>=1.40.0. No opaque downloads or extract/install steps are present. Note: because there's no automated install spec, the environment running the skill must already have (or must install) the litellm package and Python runtime.
Credentials
The manifest and SKILL.md correctly describe that at least one provider API key is required at runtime (or an Ollama local setup). However, the registry summary earlier showed 'Required env vars: none' which is inconsistent with the manifest/SKILL.md. The script also accepts an api_key override via litellm_kwargs, so credentials can be supplied either via env vars or per-call overrides — this is flexible but means callers should avoid passing raw keys in spawn payloads or snapshots.
Persistence & Privilege
The skill does not request always: true, does not modify other skills, and is user-invocable with normal autonomous invocation allowed. The spawn capability increases blast radius (child agents making provider calls), but this is the intended function and is constrained by MAX_DEPTH and the documented payload/schema rules.
Assessment
This skill is coherent for its stated purpose, but take these practical precautions before installing or using it:
- Provide only a non-production API key when testing; do not include keys in payloads or snapshots. The script will use your provider key (env var or api_key override) to call model APIs.
- Sanitize progress_so_far carefully: it is sent to the provider and becomes part of the child's prompt. Remove secrets, credentials, personal data, and anything you wouldn't want sent to the model provider.
- Minimize tools passed to children. File-access tools grant children read/write access to arbitrary paths — prefer returning results in text rather than giving file tools unless necessary.
- Note the manifest declares litellm as a pip dependency but there is no automated installer. Ensure your runtime has the correct Python version and litellm installed (pin versions if you need reproducibility).
- Address the minor metadata inconsistency: the registry metadata said 'Required env vars: none' while SKILL.md/manifest say at least one provider key is required at runtime. Confirm how your deployment supplies keys (env vs per-call) before use.
If these points are acceptable and you follow least-privilege practices (sanitize snapshots, avoid providing file tools unless necessary, use test keys), the skill appears to be what it claims to be.Like a lobster shell, security has layers — review code before you run it.
latestvk970xkhrrm9ey16t9c53zkwcb583av97
License
MIT-0
Free to use, modify, and redistribute. No attribution required.