中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:1 day ago Rescan
5 /100
orchestrator-v4
智能任务编排系统 v4。自动调度 Fast/Slow/Long Worker,支持任务分解、并发控制、生命周期管理、后台监控、审计子代理
Orchestrator V4 is a legitimate multi-agent task orchestration system that scans project files, plans task decomposition, and spawns sub-agents via OpenClaw's sessions_spawn API. No malicious behavior, credential theft, data exfiltration, obfuscation, or undeclared capabilities were found. All functionality aligns with documented behavior.
Skill Nameorchestrator-v4
Duration46.3s
Enginepi
Safe to install
This skill is safe to use. No security concerns identified. All capabilities (sub-agent spawning, filesystem scanning, subprocess IPC for long tasks) are declared and serve legitimate orchestration purposes.
ResourceDeclaredInferredStatusEvidence
Shell WRITE WRITE ✓ Aligned sessions_spawn in orchestrator_v4_acp.py spawns agents that execute tasks
Filesystem READ READ ✓ Aligned scan_task_scope() in orchestrator_v4_acp.py reads project files
Filesystem WRITE WRITE ✓ Aligned checkpoint/log files written to config.checkpoint_dir
Network NONE READ ✓ Aligned Sub-agent results communicate back via sessions_spawn (OpenClaw API)
Environment NONE READ ✓ Aligned v3_bridge.py merges os.environ for subprocess env only (line 106)

File Tree

21 files · 241.5 KB · 6746 lines
Python 18f · 6453L Markdown 2f · 280L JSON 1f · 13L
├─ 📁 scripts
│ ├─ 🐍 audit_agent.py Python 216L · 7.8 KB
│ ├─ 🐍 background_monitor.py Python 498L · 16.7 KB
│ ├─ 🐍 hybrid_worker_acp.py Python 382L · 12.2 KB
│ ├─ 🐍 lifecycle_manager.py Python 429L · 14.3 KB
│ ├─ 🐍 micro_scheduler.py Python 579L · 19.8 KB
│ ├─ 🐍 openclaw_bridge.py Python 285L · 8.8 KB
│ ├─ 🐍 openclaw_orchestrator_entry.py Python 129L · 5.3 KB
│ ├─ 🐍 openclaw_spawn_bridge_example.py Python 61L · 1.7 KB
│ ├─ 🐍 orchestrator_v4_acp.py Python 1788L · 72.5 KB
│ ├─ 🐍 scan_and_plan.py Python 65L · 2.3 KB
│ ├─ 🐍 test_classify.py Python 59L · 2.2 KB
│ ├─ 🐍 test_e2e_spawn.py Python 580L · 19.1 KB
│ ├─ 🐍 test_integration.py Python 68L · 2.5 KB
│ ├─ 🐍 test_planning.py Python 52L · 2.4 KB
│ ├─ 🐍 test_scan_plan.py Python 53L · 2.3 KB
│ ├─ 🐍 test_v3_e2e.py Python 382L · 12.9 KB
│ ├─ 🐍 v3_bridge.py Python 581L · 20.1 KB
│ └─ 🐍 v3_worker.py Python 246L · 8.5 KB
├─ 📋 _meta.json JSON 13L · 508 B
├─ 📝 README.md Markdown 57L · 1.5 KB
└─ 📝 SKILL.md Markdown 223L · 8.3 KB

Security Positives

✓ No credential harvesting - no iteration of os.environ for API keys or tokens
✓ No data exfiltration - no external IP connections or POST requests
✓ No obfuscation - all code is clear, readable Python
✓ No supply chain risk - pure Python stdlib, zero external dependencies
✓ No persistence mechanisms - no cron, startup hooks, or backdoors
✓ No prompt injection - clean prompt templates without hidden instructions
✓ No sensitive path access - scan_task_scope only reads target project directory
✓ Subprocess usage (v3_bridge.py) is legitimate internal IPC for long-running tasks
✓ sessions_spawn is OpenClaw's documented platform API for sub-agent spawning
✓ Try/except graceful degradation throughout - no unsafe imports