Skill Orchestra
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: skill-orchestra Version: 2.0.0 The skill's core purpose is benign: intelligent routing of tasks to other skills. However, the `SKILL.md` documentation includes PowerShell code examples (`Invoke-SkillDemandInference`) that use regex matching on a `$Context` parameter. If an AI agent were to implement this logic directly and pass unsanitized user input as `$Context`, it could introduce a regex injection vulnerability. While the provided Python implementation (`skill_orchestra.py`) uses simple string matching and not regex for task analysis, the presence of this pattern in the agent's instructions (SKILL.md) constitutes a potential vulnerability that could be exploited via prompt injection against the agent, leading to resource exhaustion or other regex-related issues. This is a design flaw or vulnerability, not clear malicious intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected to a broader routing system, this skill could influence which other skills an agent chooses for a task.
The router's catalog includes names of potentially high-impact downstream skills, although the visible code only selects a skill name and does not itself post content or control the desktop.
"twitter-thread": {"type": "content", "domain": "social"...} ... "desktop-control": {"type": "automation", "domain": "desktop"...}Keep normal confirmations and permissions on any downstream skills, especially skills that can post publicly, modify systems, or automate the desktop.
Using the skill runs its bundled Python implementation through the wrapper.
The wrapper dynamically loads the bundled local skill_orchestra.py file. This is a normal wrapper pattern for executing the skill's own implementation, not evidence of hidden remote code execution.
spec.loader.exec_module(module)
Install only versions from a trusted registry or publisher and review bundled code changes when upgrading.
Past recorded success and quality values may influence which skill is selected later in the same runtime.
The performance tracker records execution metrics that can affect later routing choices. The shown data is operational metadata, not task content, credentials, or persistent storage.
self.history[skill_name].append({"timestamp": datetime.now().isoformat(), "success": result.success, "quality": result.quality, "duration": result.duration, "cost": result.cost})Treat routing history as advisory and reset or inspect it if routing behavior becomes unexpected.
There is less external provenance to rely on when deciding whether to trust updates or publisher claims.
The package has limited provenance information, although the provided artifacts do not show remote install scripts, hidden dependencies, or suspicious static-scan findings.
Source: unknown; Homepage: none
Prefer installing from a trusted publisher and re-check the artifacts on version changes.