Skill v2.2.1

ClawScan security

Huo15 Openclaw Multi Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 24, 2026, 4:16 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill does what it claims (multi‑agent coordination using OpenClaw sessions_spawn); it is internally coherent, but it instructs you to grant subagents broad 'exec'/'read' permissions and writes files under your home directory — review those config changes before enabling.
Guidance
This skill is coherent for orchestrating multiple OpenClaw agents, but before installing or enabling it:
- Review and understand the config change it recommends: it asks you to enable nested subagents and set subagents.tools.allow to ["read","exec","process"]. Those permissions let spawned subagents run processes and read files on your system. Only enable them if you trust the skill and the subagents you will spawn; consider granting minimal permissions or running in a sandbox.
- Inspect the included scripts (team.sh, spawn.sh, coordinator.sh). They operate only under $HOME/.openclaw/workspace/memory/activity and make no network calls or uploads, but they will create and modify files in your home directory.
- If you are cautious: test in an isolated account or container, keep maxConcurrent small, and avoid enabling exec/process globally; prefer limiting these permissions or using a dedicated environment for multi-agent runs.
- Note small bugs/quirks (e.g., team.sh calls leave_worker from main but defines leave_team): the scripts look generally benign but are not production hardened. If unsure, run the demo script first and validate behavior before making config changes.
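The config review above is easy to do by hand once, but a small script lets you re-check it after every skill update. The following is an added example, not code from the skill or from ClawHub: it audits an OpenClaw config for the subagent permissions the skill asks for and produces a hardened copy with exec/process dropped and maxConcurrent capped. The key path subagents.tools.allow and the maxConcurrent setting are taken from the guidance; the key name used for nested subagents ("nested") and the sample config are assumptions.

```python
"""Audit the OpenClaw config change this skill asks for before enabling it.

Added example, not part of the skill or of ClawHub. subagents.tools.allow and
maxConcurrent come from the skill's guidance; the "nested" key name is assumed.
"""
import copy
import json
from pathlib import Path

CONFIG_PATH = Path.home() / ".openclaw" / "config.json"

# Tools that let a spawned subagent execute commands on the host.
RISKY_TOOLS = {"exec", "process"}
# Allow-list to fall back to if the skill must be enabled at all.
MINIMAL_ALLOW = ["read"]
# Upper bound on parallel subagents for a first test run.
MAX_CONCURRENT_CAP = 2

# Constructed sample: the change SKILL.md recommends, as the scanner describes it.
RECOMMENDED_CONFIG = {
    "subagents": {
        "nested": True,  # assumed key name for "enable nested subagents"
        "tools": {"allow": ["read", "exec", "process"]},
        "maxConcurrent": 8,
    }
}


def audit_subagent_config(config: dict) -> dict:
    """Return what the config lets subagents do, plus human-readable findings."""
    sub = config.get("subagents") or {}
    allow = list((sub.get("tools") or {}).get("allow") or [])
    nested = bool(sub.get("nested", False))
    risky = sorted(RISKY_TOOLS & set(allow))
    max_conc = sub.get("maxConcurrent")
    findings = []
    if nested:
        findings.append("nested subagents enabled: spawned agents can spawn further agents")
    if risky:
        findings.append("subagents allowed %s: arbitrary local commands possible" % ", ".join(risky))
    if max_conc is None:
        findings.append("maxConcurrent unset: no cap on parallel subagents")
    elif max_conc > MAX_CONCURRENT_CAP:
        findings.append("maxConcurrent=%d is above the test cap of %d" % (max_conc, MAX_CONCURRENT_CAP))
    return {"nested": nested, "allow": allow, "risky": risky,
            "maxConcurrent": max_conc, "findings": findings}


def hardened_copy(config: dict) -> dict:
    """Copy of config with exec/process removed and concurrency capped; input is untouched."""
    out = copy.deepcopy(config)
    sub = out.setdefault("subagents", {})
    tools = sub.setdefault("tools", {})
    allow = [t for t in (tools.get("allow") or []) if t not in RISKY_TOOLS]
    tools["allow"] = allow or list(MINIMAL_ALLOW)
    current = sub.get("maxConcurrent")
    sub["maxConcurrent"] = MAX_CONCURRENT_CAP if current is None else min(current, MAX_CONCURRENT_CAP)
    return out


def load_config(path: Path = CONFIG_PATH) -> dict:
    """Load the live config; an absent file audits as 'nothing granted'."""
    if not path.exists():
        return {}
    return json.loads(path.read_text())


if __name__ == "__main__":
    # Audit the real config if present, otherwise the constructed sample.
    cfg = load_config() or RECOMMENDED_CONFIG
    for finding in audit_subagent_config(cfg)["findings"]:
        print("-", finding)
    print(json.dumps(hardened_copy(cfg), indent=2))
```

Run it before and after applying the skill's recommended edit; the printed hardened copy is a starting point for the "minimal permissions" variant, and you can widen the allow-list deliberately rather than by default.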

Review Dimensions

Purpose & Capability
ok · Name, description, SKILL.md and included scripts all describe and implement a multi-agent coordinator using OpenClaw's sessions_spawn primitives. The files operate on ~/.openclaw workspace and provide spawn/team/coordinator utilities consistent with the stated purpose.
Instruction Scope
note · SKILL.md instructs you to modify ~/.openclaw/config.json to enable nested subagents and to give subagents tool permissions including "read" and "exec" (and "process"). Granting exec/process to subagents is required for the scripted behavior but expands what spawned agents can do (they could run arbitrary local commands). The scripts themselves only read/write under $HOME/.openclaw/workspace and do not contact external endpoints, but the permission change is the main scope/risk to be aware of.
Install Mechanism
ok · There is no install spec: this is instruction- and script-based. No downloads or remote installers are used. Scripts live in the package and operate locally, so nothing arbitrary is fetched from the network during install.
Credentials
ok · The skill requests no environment variables, no credentials, and no config paths beyond recommending edits to your OpenClaw config (~/.openclaw/config.json). There are no unrelated credential requests.
Persistence & Privilege
note · The skill does not set always:true and is user-invocable (normal). It does recommend persistent changes to the OpenClaw config to enable nested subagents and to allow subagent tools (read/exec/process). Modifying that config is expected for this capability but effectively grants spawned subagents greater runtime privileges; consider the tradeoff.