skills/openclaw/skills/orchestrator/Gen Agent Trust Hub

orchestrator

Warn

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis

================================================================================

🟡 VERDICT: MEDIUM

This skill is rated MEDIUM due to an unverifiable external dependency referenced in its metadata. While the skill itself is a descriptive set of instructions for an AI, it also explicitly grants the AI powerful capabilities like command execution, which could be misused via prompt injection.

Total Findings: 3

🟡 MEDIUM Findings:

• Unverifiable Dependency (External GitHub Reference)
  • _meta.json, Line 7: "commit": "https://github.com/clawdbot/skills/commit/fe2015076c5f6b04aad8a4e31c5684b689a4c563"
    The _meta.json file references a specific commit on GitHub (clawdbot/skills). The clawdbot organization is not listed as a trusted external source. While this is a reference to the skill's origin rather than a direct download instruction, it means the provenance of the skill itself relies on an untrusted external source. This introduces a risk as the integrity of the skill's source cannot be fully verified by trusted channels.

🔵 LOW Findings:

• Command Execution Capability
  • SKILL.md, Line 20: If you need to manipulate files or run scripts, use pi or exec.
    The skill explicitly instructs the AI to use pi (via coding-agent) or exec for manipulating files and running scripts. This means the orchestrator is designed with the capability to execute arbitrary commands on the underlying system. While this is a core function of an orchestrator, it represents a significant security capability that, if misused (e.g., via prompt injection), could lead to arbitrary code execution, data exfiltration, or system compromise. This is noted as a capability rather than a direct threat from the skill's code itself.

• Susceptibility to Prompt Injection
  • SKILL.md (overall design)
    As an "Intelligent Orchestrator" designed to "solve complex problems by breaking them down and coordinating available tools," this skill is inherently susceptible to prompt injection. A malicious user could craft prompts that manipulate the AI into misusing its exec, pi, or mcporter capabilities to perform unauthorized actions, exfiltrate data, or escalate privileges. This is an inherent risk of such a powerful, instruction-based skill.

================================================================================

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 12, 2026, 07:48 AM