Low risk: risk score 15/100
Last scanned: 22 hours ago
calling-agent-squad
Activate a multi-agent team (the Squad) to manage complex projects, business tasks, or development workflows
This is a legitimate multi-agent coordination framework with no malicious behavior detected. The skill coordinates role-based sub-agents for project management tasks through an orchestrator pattern.
Skill name: calling-agent-squad
Analysis time: 40.8s
Engine: pi
OK to install
No immediate action required. Consider documenting allowed-tools requirements in SKILL.md for transparency. The hardcoded user path in squad-init.sh will cause failures on non-George systems.

Security findings: 2

Severity | Finding | Location
Low
Missing allowed-tools declaration (category: Documentation deception)
SKILL.md does not specify required allowed-tools permissions, making it unclear what tools this skill needs.
No allowed-tools section in frontmatter
→ Add an allowed-tools declaration to SKILL.md frontmatter for transparency.
SKILL.md:1
Low
Hardcoded user path reduces portability (category: Supply chain)
squad-init.sh contains hardcoded path /Users/george/.openclaw which will fail on other systems.
BASE_DIR="/Users/george/.openclaw/workspace/skills/calling-agent-squad"
→ Use environment variables or a relative path for portability.
squad-init.sh:3
Resource type | Declared permission | Inferred permission | Status | Evidence
File system | READ | READ | ✓ Consistent | Creates project folders in Documents/squad_projects/ per SKILL.md
Command execution | NONE | READ | ✓ Consistent | squad-init.sh uses bash but is maintenance-only, not invoked during normal opera…
Network access | NONE | NONE | | No network activity observed
Environment variables | NONE | NONE | | No environment variable access detected
Skill invocation | NONE | READ | ✓ Consistent | Spawns sub-agents via openclaw agent (documented in SKILL.md)
Clipboard | NONE | NONE | | Not used
Browser | NONE | NONE | | Not used
Database | NONE | NONE | | Not used

Directory structure

51 files · 86.2 KB · 2455 lines
Markdown: 50 files, 2435 lines · Shell: 1 file, 20 lines
├─ 📁 agents
│ ├─ 📁 architect
│ │ ├─ 📝 AGENTS.md Markdown 212L · 7.7 KB
│ │ ├─ 📝 HEARTBEAT.md Markdown 5L · 168 B
│ │ ├─ 📝 IDENTITY.md Markdown 7L · 352 B
│ │ ├─ 📝 SOUL.md Markdown 6L · 566 B
│ │ ├─ 📝 TOOLS.md Markdown 40L · 860 B
│ │ └─ 📝 USER.md Markdown 17L · 477 B
│ ├─ 📁 brand-reviewer
│ │ ├─ 📝 AGENTS.md Markdown 212L · 7.7 KB
│ │ ├─ 📝 HEARTBEAT.md Markdown 5L · 168 B
│ │ ├─ 📝 IDENTITY.md Markdown 8L · 424 B
│ │ ├─ 📝 SOUL.md Markdown 8L · 747 B
│ │ ├─ 📝 TOOLS.md Markdown 40L · 860 B
│ │ └─ 📝 USER.md Markdown 17L · 477 B
│ ├─ 📁 code-reviewer
│ │ ├─ 📝 AGENTS.md Markdown 212L · 7.7 KB
│ │ ├─ 📝 HEARTBEAT.md Markdown 5L · 168 B
│ │ ├─ 📝 IDENTITY.md Markdown 8L · 394 B
│ │ ├─ 📝 SOUL.md Markdown 9L · 907 B
│ │ ├─ 📝 TOOLS.md Markdown 40L · 860 B
│ │ └─ 📝 USER.md Markdown 17L · 477 B
│ ├─ 📁 coder
│ │ ├─ 📝 AGENTS.md Markdown 212L · 7.7 KB
│ │ ├─ 📝 HEARTBEAT.md Markdown 5L · 168 B
│ │ ├─ 📝 IDENTITY.md Markdown 8L · 368 B
│ │ ├─ 📝 SOUL.md Markdown 7L · 561 B
│ │ ├─ 📝 TOOLS.md Markdown 40L · 860 B
│ │ └─ 📝 USER.md Markdown 17L · 477 B
│ ├─ 📁 copywriter
│ │ ├─ 📝 AGENTS.md Markdown 212L · 7.7 KB
│ │ ├─ 📝 HEARTBEAT.md Markdown 5L · 168 B
│ │ ├─ 📝 IDENTITY.md Markdown 7L · 286 B
│ │ ├─ 📝 SOUL.md Markdown 7L · 478 B
│ │ ├─ 📝 TOOLS.md Markdown 40L · 860 B
│ │ └─ 📝 USER.md Markdown 17L · 477 B
│ ├─ 📁 observer
│ │ ├─ 📝 AGENTS.md Markdown 212L · 7.7 KB
│ │ ├─ 📝 HEARTBEAT.md Markdown 5L · 168 B
│ │ ├─ 📝 IDENTITY.md Markdown 8L · 385 B
│ │ ├─ 📝 SOUL.md Markdown 6L · 547 B
│ │ ├─ 📝 TOOLS.md Markdown 40L · 860 B
│ │ └─ 📝 USER.md Markdown 17L · 477 B
│ ├─ 📁 researcher
│ │ ├─ 📝 AGENTS.md Markdown 212L · 7.7 KB
│ │ ├─ 📝 HEARTBEAT.md Markdown 5L · 168 B
│ │ ├─ 📝 IDENTITY.md Markdown 8L · 308 B
│ │ ├─ 📝 SOUL.md Markdown 6L · 489 B
│ │ ├─ 📝 TOOLS.md Markdown 40L · 860 B
│ │ └─ 📝 USER.md Markdown 17L · 477 B
│ └─ 📁 squad-manager
│   ├─ 📝 AGENTS.md Markdown 212L · 7.7 KB
│   ├─ 📝 HEARTBEAT.md Markdown 5L · 168 B
│   ├─ 📝 IDENTITY.md Markdown 8L · 512 B
│   ├─ 📝 SOUL.md Markdown 15L · 1.2 KB
│   ├─ 📝 TOOLS.md Markdown 40L · 860 B
│   └─ 📝 USER.md Markdown 17L · 477 B
├─ 📁 templates
│ └─ 📝 handbook.md Markdown 13L · 348 B
├─ 📝 SKILL.md Markdown 104L · 3.5 KB
└─ 🔧 squad-init.sh Shell 20L · 758 B

Security highlights

✓ No credential harvesting - skill does not access ~/.ssh, ~/.aws, .env, or sensitive environment variables
✓ No data exfiltration - no external IP connections, POST requests, or data transmission observed
✓ No code obfuscation - no base64, eval(), or anti-analysis techniques found
✓ No remote script execution - no curl|bash, wget|sh, or similar patterns
✓ Behavior aligns with documentation - sub-agent spawning is declared in SKILL.md
✓ All 8 agent configs share identical AGENTS.md template - no hidden unique capabilities
✓ squad-init.sh only runs during explicit maintenance, not during normal skill operation