ClawTeam Multi-Agent Coordination

Warn

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the clawteam package from PyPI, which is an external dependency not managed by the platform.
  • [COMMAND_EXECUTION]: The clawteam spawn command enables the execution of arbitrary CLI tools (e.g., claude, gemini, subprocess) as subprocesses or within tmux sessions. This allows the agent to launch any command-line tool available in the environment.
  • [COMMAND_EXECUTION]: The skill uses a skip_permissions flag by default in its spawning commands. This is designed to suppress interactive permission prompts in certain AI agent environments, which can lead to actions being performed without explicit user oversight.
  • [PROMPT_INJECTION]: The coordination framework creates a surface for indirect prompt injection (Category 8).
    • Ingestion points: The agent ingests data and instructions from other agents via the clawteam inbox receive and clawteam task list commands as described in SKILL.md and references/workflows.md.
    • Boundary markers: There are no explicit delimiters or instructions provided to the agent to help it differentiate between its core system instructions and potentially malicious instructions received through the team inbox or task descriptions.
    • Capability inventory: The skill possesses the capability to spawn new processes (spawn), send messages (inbox send), and modify the shared task board.
    • Sanitization: There is no evidence of content sanitization or validation for messages and task data received from other agents in the team.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 3, 2026, 07:14 AM