claw-orchestrator

Warn

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: MEDIUM

COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, CREDENTIALS_UNSAFE

Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to manage and interact with multiple coding CLI engines by spawning them as child processes.
      • File references/multi-engine.md: Describes wrapping claude, codex, gemini, and agent (Cursor) binaries as subprocesses.
      • File references/sessions.md: Mentions that SessionManager tracks process IDs in ~/.openclaw/session-pids.json for cleanup and management.
  • [REMOTE_CODE_EXECUTION]: The skill provides a feature to run a 'custom engine', which enables the execution of arbitrary binaries and arguments specified in the session configuration.
      • File references/tools.md: Defines the session_start tool with a customEngine parameter that includes a bin field for the binary path.
      • File references/multi-engine.md: Details the customEngine configuration, which accepts a binary path and arguments.
      • File references/council.md: Notes that the council system defaults to bypassPermissions for agents, allowing for automated command execution without user confirmation.
  • [EXTERNAL_DOWNLOADS]: The skill fetches several external CLI tools and packages from official registries and well-known service providers.
      • File SKILL.md: Lists npm packages including @enderfga/claw-orchestrator, @anthropic-ai/claude-code, @openai/codex, and @google/gemini-cli.
      • File references/multi-engine.md: Describes fetching the Cursor Agent via the official installer: curl https://cursor.com/install -fsSL | bash.
  • [DATA_EXFILTRATION]: The OpenAI-compatible bridge supports a status webhook that sends session activity data to a user-defined external URL.
      • File references/openai-compat.md: Describes the OPENAI_COMPAT_STATUS_URL environment variable, which, when set, causes the server to POST JSON updates about agent activity to that URL.
  • [CREDENTIALS_UNSAFE]: The skill manages environment variables for multiple AI services and stores its own authentication token on the local filesystem.
      • File references/getting-started.md: Explains the use of ANTHROPIC_API_KEY, OPENAI_API_KEY, and GEMINI_API_KEY to authenticate the underlying engines.
      • File references/getting-started.md: Mentions writing a bearer token to ~/.openclaw/server-token for CLI access to the embedded server.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 5, 2026, 05:20 AM