ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Meta Control - Agent Orchestration

v1.0.0

我作为主控 Agent 的协调能力。调度子 Agent 后台操作,我只管全局。

0· 428·4 current·4 all-time
by@xaiohuangningde
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the instructions: this is an orchestration/meta-agent that spawns sub-agents to perform work. No unrelated env vars, binaries, or installs are requested, which is consistent with a coordination-only skill.
!
Instruction Scope
SKILL.md explicitly instructs use of sessions_spawn to create independent background sub-agents of types that include '执行 Agent' (run scripts) and '搜索 Agent' (crawl websites). The instructions are high-level and contain no constraints, safety rules, or explicit limits on what sub-agents may access or execute. That delegation could permit unbounded network access, arbitrary script execution, and data collection/exfiltration by child agents — behavior not constrained or audited in the skill text.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing is written to disk. Low installation risk.
Credentials
No environment variables, credentials, or config paths are requested. Requested permissions appear minimal and proportional. However, child agents spawned at runtime could later require or use credentials — the skill does not state any handling policy for that.
Persistence & Privilege
always is false and the skill does not request permanent presence or modify other skills. Autonomous invocation is allowed (platform default) which is expected for an orchestrator; this increases blast radius but is not by itself unusual.
What to consider before installing
This skill is basically a controller that spawns background sub-agents to do work. That behavior can be legitimate, but the instructions are vague and provide no guardrails: sub-agents may crawl sites, run scripts, or handle sensitive data without explicit limits. Before installing, ask the author for: (1) concrete examples of what sessions_spawn will do and what APIs are used; (2) policies or constraints for child agents (network access, filesystem access, rate limits, data retention); (3) audit/logging and an ability to stop or review spawned sub-agents; and (4) whether child agents may request credentials and how those are presented/secured. If you cannot obtain satisfactory constraints, treat this skill as higher-risk and avoid enabling autonomous/background orchestration on sensitive accounts or systems.

Like a lobster shell, security has layers — review code before you run it.

agentvk9788ppa3y5vzj6vy560qm6w9x81wkbclatestvk9788ppa3y5vzj6vy560qm6w9x81wkbcmetavk9788ppa3y5vzj6vy560qm6w9x81wkbcorchestrationvk9788ppa3y5vzj6vy560qm6w9x81wkbc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Meta 调控

我作为主控 Agent,调度子 Agent 后台干活,我只管全局。

能力轮廓

  • 输入:复杂任务
  • 输出:拆分给子 Agent,我只汇总
  • 核心:调控全局,子 agent 干活

工作流

1. 收到任务
2. 拆解成子任务
3. 调度子 Agent 并行执行
4. 子 Agent 后台干活
5. 我汇总结果
6. 调控全局

子 Agent 类型

类型用途
搜索 Agent查资料、爬网站
分析 Agent分析数据、写报告
执行 Agent跑脚本、自动化
监控 Agent持续监控、告警

调度方式

用 sessions_spawn 开启子 Agent:

  • 独立会话,后台运行
  • 我继续和你聊天
  • 子 Agent 干完自动汇报

沟通方式

  • 子 Agent → 我 → 你
  • 我不打扰你,只在必要时汇总
  • 有重要进展才通知你

核心原则

  • 我只管全局 - 细节让子 Agent 做
  • 后台运行 - 不阻塞和你的对话
  • 需要时才汇报 - 不刷屏

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…