clawteam
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements the ClawTeam multi-agent orchestration framework, which is a legitimate tool for coordinating multiple AI agents. Its operations, including using tmux for session management and git worktrees for file system isolation, are standard practices for this use case.
- [EXTERNAL_DOWNLOADS]: The skill installs the 'clawteam' Python package and recommends CLI agents like '@anthropic-ai/claude-code' via official package registries. These are necessary dependencies for the skill's primary function and come from trusted or well-known ecosystems.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests user-defined tasks and passes them to autonomous worker agents. 1. Ingestion points: Task descriptions in 'SKILL.md' and 'scripts/spawn-team.sh'. 2. Boundary markers: Absent. 3. Capability inventory: Spawned agents have tool-access (Bash, Read, Write, etc.) to perform assigned coding tasks. 4. Sanitization: Absent. This is a characteristic of agent orchestration tools and is mitigated by the host agent's safety layers.
- [COMMAND_EXECUTION]: The skill executes shell commands to manage tmux sessions, git worktrees, and local state directories. These operations are transparently documented and required for the tool to manage independent agent workspaces.
Audit Metadata