Agent Orchestrator

Pass

Audited by VirusTotal on May 14, 2026.

Findings (1)

The OpenClaw Agent Orchestrator skill is designed for legitimate multi-agent orchestration. It demonstrates a strong commitment to security, implementing multiple layers of defense against prompt injection (e.g., `sanitize_untrusted_task`, `SECURITY_PREAMBLE` in `utils.py`) and arbitrary command execution (e.g., `ALLOWED_OPENCLAW_SUBCOMMANDS` allowlist in `utils.py`). Sensitive data is redacted in local state files by default. The `SECURITY.md` and `CHANGELOG.md` explicitly detail the threat model, mitigations, and ongoing security hardening, indicating a proactive and transparent security posture. No evidence of intentional malicious behavior (e.g., data exfiltration, unauthorized remote control, persistence) was found; remaining risks are inherent vulnerabilities of LLM systems, not malicious design.