ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claw Multi Agent

v1.0.5

Claw Multi Agent enables parallel multi-agent orchestration for faster, comprehensive research, model comparison, and code pipelines, saving 50-65% time.

1· 586·1 current·1 all-time
by@zcyynl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim multi-agent orchestration and the code implements that by invoking the 'openclaw agent' CLI, generating tasks, routing, and aggregating results. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
SKILL.md prescribes announcement/plan/report workflow and saving outputs under /workspace paths; templates and code instruct sub-agents to read/write project files. This is consistent with a multi-agent runner, but the skill relies on the orchestrating agent (or user) to validate file paths and inputs before spawning sub-agents.
Install Mechanism
No install spec; the skill is instruction+code only. It does not download or extract remote artifacts. Usage expects the OpenClaw CLI to already exist on the host.
Credentials
The skill declares no required env vars or credentials. The code copies os.environ into subprocess env for each 'openclaw agent' call, which is expected because sub-agents run in the same session, but means any environment variables present will be visible to sub-agent processes—so secrets in the environment could be exposed to spawned agents.
Persistence & Privilege
always is false and the skill does not request permanent platform-level elevation. It runs subprocesses (openclaw agent) and writes files to workspace as part of normal function; no modification of other skills or global configs is present.
Assessment
This skill appears to do what it says: it spawns parallel OpenClaw sub-agents via the 'openclaw agent' CLI and aggregates results. Before installing, consider: 1) Sub-agents run under your OpenClaw session and inherit its tool permissions and environment—any secrets in environment variables could be visible to spawned agents. 2) Several templates and instructions accept {file_path} and write/read /workspace paths—only use project-relative paths and avoid exposing sensitive files. 3) The code assumes the orchestrating agent/user will validate and sanitize paths and inputs; if you will run this in a shared or production environment, review/limit what tasks are passed to it and test with --demo first. 4) Ensure the host has the OpenClaw CLI you expect; the skill invokes it via subprocess. If you are uncomfortable with automatic file reads/writes or giving sub-agents broad session/tool access, do not enable it or run it in a constrained environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e7sz0z78rzhq44bjpbysxh9822d1wmulti-agentvk97e7sz0z78rzhq44bjpbysxh9822d1wparallelvk97e7sz0z78rzhq44bjpbysxh9822d1wpipelinevk97e7sz0z78rzhq44bjpbysxh9822d1wswarmvk97e7sz0z78rzhq44bjpbysxh9822d1w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments