ClawHub

Swarm Coord

v1.0.0

多 Agent 协作调度。将大任务拆分为子任务,分配给多个 Agent 并行执行,自动汇总结果。Team Lead 负责拆分、分发、监控、汇总。触发词:协作、swarm、分工、团队任务、并行执行、多 Agent、team work。

0· 80·0 current·0 all-time
by@wavmson
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description match the actual instructions: the skill decomposes tasks, spawns sessions, monitors progress, and aggregates results. It does not request unrelated credentials, binaries, or installs, and the README's install suggestions (clawhub/git clone) are consistent with an instruction-only skill.
Instruction Scope
Runtime instructions only use platform primitives (sessions_spawn, sessions_yield, etc.) and describe clear phases. However the guidance explicitly says to pass '上下文(文件路径、配置值等)' to child agents and to relay intermediate results; that can expose local files or configuration values to subordinate agents if they are fetched or attached. The skill also references external actions in examples (push to GitHub, send to Feishu) without declaring credentials — these are plausible examples but mean child agents will need access to service credentials elsewhere.
Install Mechanism
Instruction-only skill with no install spec and no code files. README mentions optional git clone or clawhub install, which are standard and not enforced by the skill itself. No remote downloads or extracted archives are specified.
Credentials
The skill declares no required env vars or credentials, which aligns with being an orchestration instruction set. But because it may instruct child agents to perform actions like Git pushes or messaging, those downstream operations will require credentials; ensure those credentials are supplied only to agents that actually need them. The instructions' mention of passing 'configuration values' is broad and could lead to unintended exposure of secrets.
Persistence & Privilege
always:false (no forced global presence). The skill recommends saving swarm progress to a local '.task-state.json' and recording results to Memory-Dream (long‑term memory). Persisting task state and writing to memory is functionalityally reasonable for long tasks, but review where .task-state.json is stored, retention policies, and what is written to Memory-Dream to avoid unwanted leakage of sensitive data.
Assessment
This skill appears to do what it says: it decomposes a job, spawns sub‑agent sessions, monitors them, and aggregates results. Before installing or running it: 1) Confirm where '.task-state.json' will be written and how long it is retained; sensitive data should not be stored there. 2) Review what “上下文(文件路径、配置值等)” you allow the CEO to forward—avoid sending secrets or whole config files unless necessary. 3) Ensure child agents have only the minimal credentials/permissions needed (e.g., Git or messaging tokens) and are trusted to perform external actions. 4) If you use Memory‑Dream or other memory skills, decide whether you want swarm outputs persisted to long‑term memory. 5) Test the skill in a low‑privilege environment first (no access to production repos/secrets) to observe how it passes context and handles failures. If you need, request the author/sources for the optional install repo to verify there are no hidden scripts in the packaged version.

Like a lobster shell, security has layers — review code before you run it.

latestvk9776eakkx4aa3rpjwn4qrxzxx841hdh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments