The Agent Skills Directory

[COMMAND_EXECUTION]: The clawteam spawn command enables the execution of arbitrary shell commands as sub-agents (e.g., clawteam spawn tmux [COMMAND]). This allows for the dynamic creation of processes that may execute user-provided or untrusted inputs.
[COMMAND_EXECUTION]: The skill encourages the use of the --dangerously-skip-permissions flag by default when spawning agents. This explicitly removes security boundaries, allowing agents to perform potentially sensitive operations without human-in-the-loop approval.
[COMMAND_EXECUTION]: The identity management workflow recommends the use of eval $(clawteam identity set ...) in references/workflows.md, which executes shell code generated by the CLI tool. This pattern is susceptible to command injection if the tool's output is compromised.
[PROMPT_INJECTION]: The skill implements an attack surface for indirect prompt injection through its messaging and task management systems.
Ingestion points: Untrusted data enters the agent context via clawteam inbox receive and clawteam task list (documented in SKILL.md and references/cli-reference.md).
Boundary markers: No delimiters or 'ignore' instructions are documented for delimiting external message or task data.
Capability inventory: The skill possesses the capability to spawn new processes (clawteam spawn), update task states, and manage system files in ~/.clawteam/.
Sanitization: No evidence of sanitization or validation of message or task content is provided before it is processed by the recipient agent.
[REMOTE_CODE_EXECUTION]: The skill's architecture is designed for the distributed execution of commands across multiple processes, which represents a coordinated platform for code execution.

ClawTeam Multi-Agent Coordination