calling-agent-squad Security Report — Low Risk | ClawSafe

15 /100

calling-agent-squad

Activate a multi-agent team (the Squad) to manage complex projects, business tasks, or development workflows

This is a legitimate multi-agent coordination framework with no malicious behavior detected. The skill coordinates role-based sub-agents for project management tasks through an orchestrator pattern.

Skill Namecalling-agent-squad

Duration40.8s

Enginepi

✓

Safe to install

No immediate action required. Consider documenting allowed-tools requirements in SKILL.md for transparency. The hardcoded user path in squad-init.sh will cause failures on non-George systems.

Findings 2 items

Severity	Finding	Location
Low	Missing allowed-tools declaration Doc Mismatch SKILL.md does not specify required allowed-tools permissions, making it unclear what tools this skill needs. `No allowed-tools section in frontmatter` → Add an allowed-tools declaration to SKILL.md frontmatter for transparency.	`SKILL.md:1`
Low	Hardcoded user path reduces portability Supply Chain squad-init.sh contains hardcoded path /Users/george/.openclaw which will fail on other systems. `BASE_DIR="/Users/george/.openclaw/workspace/skills/calling-agent-squad"` → Use environment variables or a relative path for portability.	`squad-init.sh:3`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	Creates project folders in Documents/squad_projects/ per SKILL.md
Shell	`NONE`	`READ`	✓ Aligned	squad-init.sh uses bash but is maintenance-only, not invoked during normal opera…
Network	`NONE`	`NONE`	—	No network activity observed
Environment	`NONE`	`NONE`	—	No environment variable access detected
Skill Invoke	`NONE`	`READ`	✓ Aligned	spawns sub-agents via openclaw agent (documented in SKILL.md)
Clipboard	`NONE`	`NONE`	—	Not used
Browser	`NONE`	`NONE`	—	Not used
Database	`NONE`	`NONE`	—	Not used

File Tree

51 files · 86.2 KB · 2455 lines

Markdown 50f · 2435L Shell 1f · 20L

├─ ▾ 📁 agents

│ ├─ ▾ 📁 architect

│ │ ├─ 📝 AGENTS.md Markdown 212L · 7.7 KB

│ │ ├─ 📝 HEARTBEAT.md Markdown 5L · 168 B

│ │ ├─ 📝 IDENTITY.md Markdown 7L · 352 B

│ │ ├─ 📝 SOUL.md Markdown 6L · 566 B

│ │ ├─ 📝 TOOLS.md Markdown 40L · 860 B

│ │ └─ 📝 USER.md Markdown 17L · 477 B

│ ├─ ▾ 📁 brand-reviewer

│ │ ├─ 📝 AGENTS.md Markdown 212L · 7.7 KB

│ │ ├─ 📝 HEARTBEAT.md Markdown 5L · 168 B

│ │ ├─ 📝 IDENTITY.md Markdown 8L · 424 B

│ │ ├─ 📝 SOUL.md Markdown 8L · 747 B

│ │ ├─ 📝 TOOLS.md Markdown 40L · 860 B

│ │ └─ 📝 USER.md Markdown 17L · 477 B

│ ├─ ▾ 📁 code-reviewer

│ │ ├─ 📝 AGENTS.md Markdown 212L · 7.7 KB

│ │ ├─ 📝 HEARTBEAT.md Markdown 5L · 168 B

│ │ ├─ 📝 IDENTITY.md Markdown 8L · 394 B

│ │ ├─ 📝 SOUL.md Markdown 9L · 907 B

│ │ ├─ 📝 TOOLS.md Markdown 40L · 860 B

│ │ └─ 📝 USER.md Markdown 17L · 477 B

│ ├─ ▾ 📁 coder

│ │ ├─ 📝 AGENTS.md Markdown 212L · 7.7 KB

│ │ ├─ 📝 HEARTBEAT.md Markdown 5L · 168 B

│ │ ├─ 📝 IDENTITY.md Markdown 8L · 368 B

│ │ ├─ 📝 SOUL.md Markdown 7L · 561 B

│ │ ├─ 📝 TOOLS.md Markdown 40L · 860 B

│ │ └─ 📝 USER.md Markdown 17L · 477 B

│ ├─ ▾ 📁 copywriter

│ │ ├─ 📝 AGENTS.md Markdown 212L · 7.7 KB

│ │ ├─ 📝 HEARTBEAT.md Markdown 5L · 168 B

│ │ ├─ 📝 IDENTITY.md Markdown 7L · 286 B

│ │ ├─ 📝 SOUL.md Markdown 7L · 478 B

│ │ ├─ 📝 TOOLS.md Markdown 40L · 860 B

│ │ └─ 📝 USER.md Markdown 17L · 477 B

│ ├─ ▾ 📁 observer

│ │ ├─ 📝 AGENTS.md Markdown 212L · 7.7 KB

│ │ ├─ 📝 HEARTBEAT.md Markdown 5L · 168 B

│ │ ├─ 📝 IDENTITY.md Markdown 8L · 385 B

│ │ ├─ 📝 SOUL.md Markdown 6L · 547 B

│ │ ├─ 📝 TOOLS.md Markdown 40L · 860 B

│ │ └─ 📝 USER.md Markdown 17L · 477 B

│ ├─ ▾ 📁 researcher

│ │ ├─ 📝 AGENTS.md Markdown 212L · 7.7 KB

│ │ ├─ 📝 HEARTBEAT.md Markdown 5L · 168 B

│ │ ├─ 📝 IDENTITY.md Markdown 8L · 308 B

│ │ ├─ 📝 SOUL.md Markdown 6L · 489 B

│ │ ├─ 📝 TOOLS.md Markdown 40L · 860 B

│ │ └─ 📝 USER.md Markdown 17L · 477 B

│ └─ ▾ 📁 squad-manager

│ ├─ 📝 AGENTS.md Markdown 212L · 7.7 KB

│ ├─ 📝 HEARTBEAT.md Markdown 5L · 168 B

│ ├─ 📝 IDENTITY.md Markdown 8L · 512 B

│ ├─ 📝 SOUL.md Markdown 15L · 1.2 KB

│ ├─ 📝 TOOLS.md Markdown 40L · 860 B

│ └─ 📝 USER.md Markdown 17L · 477 B

├─ ▾ 📁 templates

│ └─ 📝 handbook.md Markdown 13L · 348 B

├─ 📝 SKILL.md Markdown 104L · 3.5 KB

└─ 🔧 squad-init.sh Shell 20L · 758 B

Security Positives

✓ No credential harvesting - skill does not access ~/.ssh, ~/.aws, .env, or sensitive environment variables

✓ No data exfiltration - no external IP connections, POST requests, or data transmission observed

✓ No code obfuscation - no base64, eval(), or anti-analysis techniques found

✓ No remote script execution - no curl|bash, wget|sh, or similar patterns

✓ Behavior aligns with documentation - sub-agent spawning is declared in SKILL.md

✓ All 8 agent configs share identical AGENTS.md template - no hidden unique capabilities

✓ squad-init.sh only runs during explicit maintenance, not during normal skill operation

Scan Report

Findings 2 items

File Tree

Security Positives