Skillv0.1.0

ClawScan security

claw-orchestra · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 16, 2026, 10:28 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, instructions, and requirements are internally consistent with its stated purpose as a multi-agent orchestrator; it requests no credentials or external installs, but it does include file-write behavior and names tools like exec/read/write that you should review in the context of your OpenClaw runtime policy.
Guidance: This skill appears to implement exactly what it claims: an OpenClaw multi-agent orchestrator that spawns and integrates subagents. It requires no secrets and has no external installers, which is good. Before installing, check two things in your OpenClaw environment: (1) what tools the platform exposes to spawned subagents — if tools named exec/read/write are available, child agents could run commands or access files, so restrict those tools or audit prompts you send to the orchestrator; (2) the skill's default cost-tracker path (/workspace/projects/claw-orchestra/costs.json) will create and write files — change the path or ensure the skill cannot overwrite sensitive locations. Also be aware the SKILL.md mandates auto-generating and sending a Markdown report file; if you don't want automatic file transmission, modify that behavior or supervise first runs. Overall the package is coherent and not requesting unexpected privileges, but review runtime tool permissions and file-write locations before use.

Review Dimensions

Purpose & Capability: okName/description (multi-agent orchestrator) aligns with the provided code and SKILL.md: the package implements AgentTuple, Orchestrator, OpenClawAdapter, routing, a learner (cost/experience), and explicit integration points for sessions_spawn and sessions_history. No unrelated credentials, binaries, or external cloud access are requested.
Instruction Scope: noteSKILL.md instructs the orchestrator to spawn subagents, poll subagent status via 'subagents list' / 'sessions_history', integrate results immediately, and deliver a Markdown file to the user. These steps are coherent with orchestration behavior, but the policy of auto-generating and sending files (message(filePath=...)) is explicit and may be surprising — it causes the skill to write a file and transmit it to the user without further prompting.
Install Mechanism: okNo install spec is provided (instruction-only skill with bundled source). All code is included in the skill bundle; there are no external downloads, remote installers, or third-party package fetches that would increase risk.
Credentials: noteThe skill does not request environment variables or credentials. However, runtime components do perform local file I/O: CostTracker defaults to '/workspace/projects/claw-orchestra/costs.json' and will create directories/files there. The AgentTuple 'coder' factory lists tools ['exec','read','write','edit'] (tool names only); if your OpenClaw environment exposes such tools to spawned subagents, child agents could execute commands or access files. These behaviors are proportionate to a local orchestrator but you should confirm platform tool permissions and file path policies.
Persistence & Privilege: okThe skill does not set always=true and does not request persistent system-wide privileges. It keeps its state within provided objects and writes to its own configured files. There is no code attempting to modify other skills or global agent settings.