Multi-Agent Engine v8

Multi-Agent Orchestrator v8.2.1 - Enhanced stability (Node.js v24 compatibility, lazy environment detection, third-party environment adaptation). Supports go...

This skill appears to be what it says: a local multi-agent orchestrator that manages agent workspaces, aggregates outputs, archives results, and validates environment compatibility. Before installing or running it: 1) Review ~/.openclaw/openclaw.json and other workspace files for any stored secrets—the skill reads that file to discover models (it does not appear to send it anywhere). 2) Expect the skill to create and modify files under ~/.openclaw/workspace (profiles, agents/, shared/, archive/, logs/, etc.) and to create .bak backups. 3) Run the provided check_env first to see any compatibility messages; note the code may call process.exit on fatal errors and stop the host process. 4) If you are concerned about side effects, run it in a sandboxed environment or a throwaway account first. 5) If you need stronger assurance, review the remaining truncated files (the bundle contains many modules) for any network calls or unexpected behavior before granting persistent use.

Type: OpenClaw Skill Name: multi-agent-engine-v8 Version: 8.2.1 The multi-agent-engine-v8 bundle is a complex framework for orchestrating AI agents using the OpenClaw sessions_spawn API. A significant security vulnerability is present in lib/modelSelector.js, which uses eval() to parse the openclaw.json configuration file, creating a risk of Arbitrary Code Execution (RCE). Furthermore, the bundle includes scripts like lib/create_fsm.js and lib/generate_stateMachine.js that programmatically generate and write JavaScript files to the filesystem. While these capabilities are aligned with the stated purpose of managing research workflows, the use of unsafe execution primitives and dynamic code generation represents a high-risk attack surface.