Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Orchestration V1
v1.0.0Orchestrate multi-agent teams with defined roles, task lifecycles, handoff protocols, and review workflows. Use when: (1) Setting up a team of 2+ agents with...
⭐ 0· 49·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (multi-agent orchestration) aligns with the SKILL.md content (roles, lifecycles, handoffs, shared artifact conventions). However the playbook includes a specialized 'Physical Strike (Justin)' executor and a hard-coded Windows path (E:\clawd_workspace\Share\artifacts\) that are more specific than expected for a general orchestration skill and are not justified by the description.
Instruction Scope
Runtime instructions direct agents to write/read shared directories, require exact output paths, and — critically — describe a 'Physical Strike' protocol where a named Main Agent ('Justin') must verify browser tab headers and take a post-action snapshot of a chat UI (example target: 'MK守约-粉丝群'). Those steps imply interacting with a browser/UI and external chat groups but the skill does not declare how such access is obtained or controlled. The SKILL.md also prescribes overwriting artifacts in place which can lead to data loss if not intentional.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing is written to disk by an installer and no external downloads are requested.
Credentials
The skill declares no required env vars or credentials, which is consistent with most content. However it assumes access to specific filesystem locations (both Unix-style /shared/ and a Windows E:\ path) and to a 'Main Agent' capable of performing browser actions — those implicit capability/permission requirements are not declared and should be clarified before use.
Persistence & Privilege
The skill does not request always:true or other elevated persistence; it is user-invocable and allows autonomous invocation (platform default). There is no content indicating modification of other skills or system-wide settings.
What to consider before installing
This skill is broadly coherent for orchestrating multi-agent workflows, but pause before installing: (1) clarify what 'Physical Strike (Justin)' means in your environment — who/what is Justin, how does it get browser access, and which accounts or UI elements it will control; (2) remove or adapt hard-coded paths (E:\clawd_workspace\...) if you don't want agents touching local drives or Windows-specific locations; (3) confirm whether agents will have the ability to post to external chat groups and take screenshots — grant those privileges only in isolated/test environments; (4) watch the 'overwrite previous versions in place' convention (it can lose history); and (5) ask the publisher for details about any assumed external integrations or credentials. If the author can explain/justify the Physical Strike steps and provide platform-agnostic configuration options (or make browser/UI actions explicit and opt-in), my confidence would increase.Like a lobster shell, security has layers — review code before you run it.
latestvk97f5mxhgtz5hzxa010r3bh6wn83na7f
License
MIT-0
Free to use, modify, and redistribute. No attribution required.