← Back to Skills Marketplace
donovanpankratz-del

Subagent Architecture

by dp-del · GitHub ↗ · v2.3.5
cross-platform ✓ Security Clean
502
Downloads
0
Stars
2
Active Installs
6
Versions
Install in OpenClaw
/install subagent-architecture
Description
Advanced patterns for specialized subagent orchestration with production-ready reference implementations. Security isolation, phased implementation, peer col...
Usage Guidance
This is a coherent reference-implementation skill, but treat the included JS as third-party code before running it. Recommendations: 1) Inspect lib/* and examples for any network calls or unexpected filesystem writes (the cost-logger writes JSONL under a memory/ path). 2) If you plan to enable federated peer review or Discord webhooks, only provide webhook URLs/endpoints you trust and verify where code posts to. 3) Execute examples in an isolated/dev environment first (no production credentials). 4) If you need stricter safety, run the code with limited filesystem permissions or sandboxing and consider disabling autonomous invocation for your agent while you evaluate (set disable-model-invocation or limit skill usage). 5) If anything is unclear, review the specific functions that perform sanitization, spawning, and logging to confirm they match your operational constraints.
Capability Analysis
Type: OpenClaw Skill Name: subagent-architecture Version: 2.3.5 This skill bundle is meticulously designed for secure and cost-aware subagent orchestration. It explicitly documents security best practices (e.g., data sanitization, output schema validation, tool whitelisting in `lib/spawn-security-proxy.js`), cost management (`lib/cost-estimator.js`), and quality control. The `SKILL.md` is highly transparent, addressing potential scanner flags and detailing framework limitations (e.g., lack of granular resource controls, skill sandboxing) as vulnerabilities in the OpenClaw platform itself, not as malicious intent within the skill. The `setup.sh` script is benign, only creating local directories. There is no evidence of intentional harmful behavior, data exfiltration, persistence, or unauthorized remote control. The documented 'attack vectors' are for defensive awareness, not for exploitation.
Capability Assessment
Purpose & Capability
The name/description (subagent orchestration, security proxy, cost-aware spawning) aligns with the provided JS libraries, examples, and templates. The libs implement the advertised features (spawn helpers, cost estimator, quality scorer); no unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md clearly states the code is reference-only and not auto-executed; setup.sh only scaffolds and makes no network calls. However the shipped examples and libraries perform file I/O (e.g., JSONL cost logs under memory/), and optional workflows can call external endpoints (Discord webhooks, peer endpoints) only if the user configures them. Review the libs before running examples to confirm behavior you expect.
Install Mechanism
There is no install spec (instruction-only), which minimizes install-time risk. The package nevertheless contains runnable JS files which will be present on disk when you install/use the skill; setup.sh writes local scaffolding. No remote downloads or obscure URLs are used. Treat the included code as third‑party source you will run locally.
Credentials
The skill declares no required env vars or credentials. External integrations (Discord webhook, peer endpoints) are explicitly optional and described as opt-in requiring manual configuration. Required resources (file writes) are proportional to the stated functionality (logging, local history).
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. It does not claim to modify other skills or global agent settings. Autonomous invocation remains allowed by platform default, but that is expected for skills and not specific to this package.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install subagent-architecture
  3. After installation, invoke the skill by name or use /subagent-architecture
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.3.5
Docs: added complexity explanation section — why the skill is large, why scanners flag it, what each component does. Helps users and automated scanners understand scope vs. malice.
v2.3.4
Docs: security transparency notice, explicit credential/external-integration disclosure, package-type clarification (libs are reference implementations, not auto-executed)
v2.3.3
Docs: added security transparency notice, explicit credential disclosure (none required), external integration disclosure (all opt-in), package type clarification (reference-implementation-with-libs, not auto-executed)
v2.3.2
Fix: renamed prompt-injection example string in spawn-security-proxy.js to avoid false positive security scanner hits
v2.3.1
Fix: renamed prompt-injection example string to avoid false positive security scanner hits
v2.3.0
subagent-architecture v2.3.0 - Clarified best practices and corrected misunderstandings around AGENTS.md: spawning does not require any file or registry, and AGENTS.md is strictly an optional, human-readable reference. - Expanded and refined documentation for security isolation, phased implementation, peer collaboration, and cost-aware subagent spawning. - Updated quick start and template guidance for practical usage with OpenClaw v2026.2.17+. - Reiterated how to leverage and integrate production-ready libraries and templates for common orchestration patterns.
Metadata
Slug subagent-architecture
Version 2.3.5
License
All-time Installs 2
Active Installs 2
Total Versions 6
Frequently Asked Questions

What is Subagent Architecture?

Advanced patterns for specialized subagent orchestration with production-ready reference implementations. Security isolation, phased implementation, peer col... It is an AI Agent Skill for Claude Code / OpenClaw, with 502 downloads so far.

How do I install Subagent Architecture?

Run "/install subagent-architecture" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Subagent Architecture free?

Yes, Subagent Architecture is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Subagent Architecture support?

Subagent Architecture is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Subagent Architecture?

It is built and maintained by dp-del (@donovanpankratz-del); the current version is v2.3.5.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments