@openclaw/orchestration

Framework for coordinating multi-agent tasks with atomic claims, dependencies, retries, and markdown task visibility using a shared SQLite queue.

This skill appears to implement what it says (a local SQLite multi-agent queue) but it's not production-ready as-is. Before installing or running it: - Review and, if possible, run the included tests in an isolated environment (the repository includes tests). They exercise most critical paths. - Address the CODEX_REVIEW issues (wrap multi-statement DB changes in transactions, enforce agent max_concurrent, ensure backup/restore await/close DB properly). These are correctness and data-integrity fixes, not evidence of malicious behavior. - Be aware the code imports '../../interchange/src/index.js' — the skill expects a sibling 'interchange' module to be present; if you don't have that, refresh/CLI may fail or, if present, will execute that external code. Validate that path and ensure only trusted code exists there. - Because this uses better-sqlite3 (native module), install/build may require a C++ toolchain or prebuilt binaries; test installation in your target environment first. - Run the CLI commands (claim/complete/sweep/refresh/backup/restore) in a controlled environment and back up any important data — restore can overwrite the live DB file and sweep/complete mutate state. If you need to use this skill in production, require the maintainer to fix the high/critical issues and either declare a dependency on @openclaw/interchange or vendor the required interchange functions to avoid cross-directory imports. If you lack the capability to audit or patch these issues, treat this package as untrusted for production workloads.

Type: OpenClaw Skill Name: openclaw-orchestration Version: 1.0.0 The skill is classified as suspicious due to multiple critical and high-severity vulnerabilities identified in the `CODEX_REVIEW.md` and confirmed by analysis. These include race conditions and lack of transactional integrity in `src/queue.js` (e.g., `claimTask`, `createTask`, `completeTask`, `failTask`), potential database corruption during restore in `src/backup.js`, and a failure to enforce `max_concurrent` limits in `src/queue.js`. While these issues could lead to data inconsistency, operational failures, or bypass of intended controls, they do not demonstrate clear evidence of intentional malicious behavior such as data exfiltration, backdoors, or unauthorized remote code execution. The `SKILL.md` and `README.md` do not contain prompt injection attempts with harmful objectives.