Colony

Orchestrates multi-agent task delegation and workflows with audit logging, checkpoint approvals, and agent learning for coordinated project execution.

This skill is a full local CLI for running multi-agent workflows and generally matches its stated purpose, but please review these before installing or running: - Required binaries: The code expects an 'openclaw' CLI and uses shell utilities (mv, base64, echo). The manifest did not declare these — ensure you have a trustworthy openclaw binary and understand what it will do. - Notifications: The CLI can send messages via openclaw message send to a configured target (colony/config.yaml). Check that config and set notifications.target to a safe value (or disable notifications) to avoid accidental data leakage. - File writes: The skill creates and updates many files under the 'colony/' directory (tasks.json, audit logs, memory files, context). Do not run it in a directory containing sensitive files you don't want the tool to read or modify. - Shell command usage: Multiple scripts build shell commands with interpolated values. If you plan to feed untrusted task descriptions or modify config files, do so in an isolated environment (VM/container) because of potential command-injection risks. - Recommended actions before use: inspect colony/config.yaml and colony/agents.yaml, run the code in a sandbox, verify the openclaw binary you will use, and consider adjusting notification settings. If you need higher assurance, request the author to declare required binaries and to avoid constructing shell commands with unescaped, user-provided content. Overall: functionally coherent with its purpose, but the missing declared runtime dependencies and the use of shell-executed external CLI calls merit caution — treat this skill as suspicious until you validate those points.

Type: OpenClaw Skill Name: multi-agent-orchestration Version: 1.0.0 The skill is suspicious due to the inherent risks associated with an AI agent (`shell` agent) explicitly designed for 'system tasks' and 'deployments', combined with the potential for prompt injection. While there's no clear evidence of intentional malice, the `colony.mjs` and `colony-worker.mjs` scripts construct prompts for LLM agents using user-controlled inputs (task descriptions, process contexts) and internal state (agent memory, global context). If an attacker can manipulate these inputs or internal state, they could inject malicious instructions into the `shell` agent's prompt, potentially leading to arbitrary command execution via the `openclaw agent` tool. Additionally, the `notify` function in `colony.mjs` uses `execSync` to send messages via `openclaw message send`, which, despite basic escaping, represents an external communication channel that could be abused if the message content (derived from agent outputs or error messages) were maliciously crafted or if the `openclaw` CLI itself had injection vulnerabilities.