ClawHub

TeamClaw Orchestrator

v1.0.0

Orchestrate a virtual AI software team to build features, fix bugs, or complete any software task. Use when the user wants to delegate work to a multi-role t...

0· 55·0 current·0 all-time
by@topcheer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description match the instructions: the SKILL.md documents a local TeamClaw controller API (intake, tasks, workers, messages) and uses only localhost HTTP endpoints. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Instructions are narrowly scoped to interacting with a local controller via HTTP (curl examples). However the API reference documents workspace endpoints (/api/v1/workspace/tree and /api/v1/workspace/file?path=<path>) that allow retrieving arbitrary file contents from the controller's host — this is functional for an orchestration tool but also a channel that could expose sensitive local files if the controller is reachable and not properly restricted.
Install Mechanism
This is instruction-only (no install spec, no code files to execute). No downloads, package installs, or extracted artifacts are present.
Credentials
The skill requests no environment variables or credentials. The only resource it targets is a local HTTP controller (default 127.0.0.1:9527), which is proportionate to an orchestration controller.
Persistence & Privilege
always:false and no install actions means the skill does not request permanent or elevated platform presence. It does not modify other skills or system configs according to the provided files.
Assessment
This skill is coherent with its stated purpose, but it relies on a local TeamClaw controller that exposes workspace/file endpoints which can read files from the controller host. Only enable this skill if you trust the local controller and its environment. Before installing or invoking: (1) verify you actually run TeamClaw locally (127.0.0.1:9527) and inspect its configuration and access controls; (2) review the TeamClaw repo/source linked in the SKILL.md if you need assurance; (3) avoid submitting secrets or sensitive paths to the agent; and (4) consider running the controller and agent in isolated/sandboxed environments or restricting network access so the skill cannot be used to exfiltrate host files unintentionally.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cx7a480n5dmnqzyc28gake583tb8k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Links

Homepagehttps://github.com/topcheer/teamclaw
Repositoryhttps://github.com/topcheer/teamclaw
Docshttps://github.com/topcheer/teamclaw/blob/main/README.md

Comments