high perf orchestration a la oh my codex & gastown

Hybrid orchestration skill where OpenClaw stays the control plane and ACP Claude Code is the default execution backend for coding work.

What to check before installing or using this skill: - Verify presence of helper scripts: the docs reference many scripts under scripts/orchestration/ (prepare_project_builder.py, launcher_preflight.py, mark_launch.py, etc.). These are not in the provided file list. Ask the author for the missing scripts or confirm you already have trusted copies before relying on the instructions. - Secrets and gateway changes: the package metadata says no env vars are required, but the docs instruct injecting OPENAI_API_KEY into the gateway environment for Codex ACP and changing ACPX policy to permissionMode: 'approve-all'. Those are privileged operational changes. Do NOT apply permissionMode: 'approve-all' in production without understanding the security implications. If you must provide an API key, store it securely and scope it appropriately. - Principle of least privilege: prefer explicit approval/interactive permission flows for ACP sessions where possible. The suggested 'approve-all' mode increases risk of unattended agents performing actions without human review. - Confirm what will be invoked: the skill's instructions assume the orchestrator can call sessions_spawn and related OpenClaw tooling. Confirm your gateway and agent environment expose these APIs and that the skill will not try to exfiltrate unrelated secrets. The skill's file-based handoff model is reasonable for orchestration, but the missing scripts and the gateway tweaks are the main gaps. - Test in an isolated environment: run any suggested setup (especially gateway changes and API-key injection) in a non-production/test environment first. Audit logs and limit network access for any worker sessions you spawn. If you need higher assurance: request the full implementation (all referenced scripts) and an explanation for why ACPX permissionMode must be relaxed, or prefer a variant that uses explicit, limited approvals and documents exactly which secrets and host-level changes are required.

Type: OpenClaw Skill Name: orchestration-setups Version: 0.1.2 The skill bundle defines a sophisticated multi-agent orchestration framework but recommends high-risk security configurations. Specifically, docs/reproduction.md instructs users to set the ACPX plugin to 'approve-all' for 'unattended' execution, which bypasses human-in-the-loop security boundaries for external agents. Additionally, the documentation (docs/runtime/README.md and docs/design/control-plane-v1.md) references a suite of local Python scripts (e.g., run_workflow.py, dispatch_step.py) that constitute the 'engine' of the system but are not included in the bundle, making the actual execution logic unverifiable.