← Back to Skills Marketplace
90
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install venture-spawner
Description
Instant agent hiring. Takes job postings from the orchestrator and fills them with properly configured sub-agents. Handles context passing, timeout enforceme...
Usage Guidance
This skill appears to implement an agent-spawning orchestration flow but contains several items that could expose secrets or sensitive files if not constrained. Before installing, confirm: (1) where JOB_BOARD.md and referenced files live and who can write them; (2) that the platform enforces strict allowlists/deny-lists so spawned tasks cannot receive .env contents, private keys, or personal files unless explicitly authorized; (3) whether 'Include SSH commands for droplet' implies access to SSH private keys — if so, deny or centralize SSH access rather than embedding keys in tasks; (4) how access to other skills' files and OpenClaw docs is controlled; and (5) add explicit sanitization rules in the orchestrator (strip credentials, redact secrets, require user confirmation before spawning buckets that reference named personal files). If you proceed, limit which buckets can spawn agents, require explicit approval for any job that references SSH or named personal data, and monitor spawned-agent activity and logs for unexpected outbound connections or file accesses.
Capability Analysis
Type: OpenClaw Skill
Name: venture-spawner
Version: 1.0.0
The 'venture-spawner' skill is a robust orchestration tool designed to manage sub-agent lifecycles based on a job board (JOB_BOARD.md). It implements several safety and operational best practices, such as a strict concurrency limit (max 3 agents), dependency resolution logic, and explicit instructions in SKILL.md to avoid modifying .env files with real credentials. While it handles high-privilege tasks like spawning agents and passing SSH context for infrastructure management, these actions are well-documented and aligned with the stated purpose of automated project management without any signs of malicious intent or data exfiltration.
Capability Assessment
Purpose & Capability
The name/description (spawn sub-agents, enforce timeouts, pass context) align with the instructions. However several bucket-specific requirements (e.g., "Include SSH commands for droplet", "Ryan's resume", "Relevant skill files, OpenClaw docs") are not justified by the manifest (no env, no config paths) and imply access to SSH credentials, a named individual's private file, and other skills' internals. Those items are disproportionate to a generic spawner unless the orchestrator explicitly provides controlled access.
Instruction Scope
SKILL.md tells the agent to read workspace/JOB_BOARD.md and to assemble/paste relevant file contents into spawned-agent tasks. It explicitly allows passing 'Relevant skill files' and full file references, and asks for SSH commands to be included for some buckets. That grants broad discretion to include files (potentially secrets) in task payloads and to instruct sub-agents to perform network/SSH actions — scope creep from a simple orchestrator role unless the platform enforces strict file/secret filtering.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is written to disk by the skill package itself.
Credentials
The skill declares no environment variables or credentials, yet the guidance implicitly expects access to potentially sensitive material (SSH commands/keys, 'Ryan's resume', other skill files). That mismatch (no explicit credential requirements but clear need/encouragement to use sensitive data) is a red flag: who provides SSH keys and personal files, and how are they protected/filtered before being passed to child agents?
Persistence & Privilege
The skill does not request always:true and does not install persistent components. However it is allowed to invoke autonomously (default), so combined with the instruction to spawn and pass arbitrary context, autonomous invocation increases blast radius—particularly for buckets that ask to include other skills or SSH commands. This is noteworthy but not decisive on its own.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install venture-spawner - After installation, invoke the skill by name or use
/venture-spawner - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
First release. Takes scoped job postings, spawns configured sub-agents per work bucket, tracks completion, handles failures. Max 3 concurrent agents.
Metadata
Frequently Asked Questions
What is Venture Spawner?
Instant agent hiring. Takes job postings from the orchestrator and fills them with properly configured sub-agents. Handles context passing, timeout enforceme... It is an AI Agent Skill for Claude Code / OpenClaw, with 90 downloads so far.
How do I install Venture Spawner?
Run "/install venture-spawner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Venture Spawner free?
Yes, Venture Spawner is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Venture Spawner support?
Venture Spawner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Venture Spawner?
It is built and maintained by KairoKid (@dodge1218); the current version is v1.0.0.
More Skills