← Back to Skills Marketplace
823
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install task-orchestra
Description
Coordinate multiple agents and tasks for complex workflows. Orchestrate subagents, manage dependencies, handle parallel execution, and ensure successful comp...
Usage Guidance
This skill's described orchestration features are plausible, but several inconsistencies suggest caution:
- Ask the publisher (or repository) why BRAVE_API_KEY is required and what it's used for; do not provide sensitive tokens until that is explained.
- Confirm why an npm 'async' package and an 'async' binary are installed — that package is normally a JS library, not a CLI. If you must install it, review the exact package and its maintainer and audit the package contents in a sandbox first.
- Because the skill can spawn and steer subagents, run it in a restricted/sandboxed environment and limit its privileges on first use.
- Prefer skills with a verifiable source/homepage and code you can inspect; this skill has no source URL or code files.
If you cannot get a clear explanation for the BRAVE_API_KEY and the odd install spec, treat this skill as untrusted and avoid installing it or set it up in an isolated test environment only.
Capability Analysis
Type: OpenClaw Skill
Name: task-orchestra
Version: 1.0.0
The skill 'task-orchestra' is classified as suspicious due to its powerful capabilities that, while aligned with its stated purpose of agent orchestration, present significant security risks. It requires access to `curl` and `jq` (enabling network and shell command execution) and the `BRAVE_API_KEY` environment variable (access to a secret). Crucially, the skill instructs the agent on how to spawn, steer, and kill subagents (`sessions_spawn`, `sessions_send`, `subagents kill`, `subagents steer`), which are powerful primitives that could be leveraged for unauthorized actions or data exfiltration if the agent receives malicious prompts. While there are no explicit instructions for malicious behavior within the `SKILL.md` itself, the combination of broad permissions and powerful execution capabilities makes it a high-risk component.
Capability Assessment
Purpose & Capability
The skill claims to coordinate subagents and manage workflows — that aligns with the SKILL.md instructions. However, the declared required environment variable (BRAVE_API_KEY) is unrelated to orchestration and is never referenced in the instructions. The install spec asks for an npm package 'async' and declares it creates a binary named 'async' (the npm 'async' package is a JS library, not a CLI binary). These requirements do not match the stated purpose and are disproportionate or unexplained.
Instruction Scope
The SKILL.md is instruction-only and stays within orchestration concerns (spawn/monitor/kill subagents, dependency resolution, templates). It is quite high-level and grants broad discretion to spawn and manage subagents (including 'self-evolution' uses), which is powerful but consistent with an orchestration skill. The instructions do not reference BRAVE_API_KEY, curl/jq usage, or any external endpoints, and they are vague in ways that could enable wide-ranging agent behavior if the agent platform honors commands like sessions_spawn and subagents kill/steer.
Install Mechanism
An npm install entry is present for package 'async' that purportedly creates a binary 'async'. This is inconsistent: 'async' on npm is a JS library (not a known CLI), and the skill contains no code files that would need that dependency. Installing arbitrary npm packages can introduce supply-chain risk; here the install requirement appears unnecessary or malformed.
Credentials
The skill requires BRAVE_API_KEY but the SKILL.md contains no instructions that use Brave or any external search/API requiring that key. Requiring a secret-like environment variable without justification is disproportionate. No primary credential is declared, and no other env/config paths are requested.
Persistence & Privilege
The skill does not request always:true, does not declare system config paths, and is user-invocable only. That is a normal privilege profile. Note: the functional ability to spawn and manage subagents (per the instructions) is powerful — review platform-level permissions for spawning agents before enabling.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install task-orchestra - After installation, invoke the skill by name or use
/task-orchestra - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of task-orchestra skill.
- Coordinate multiple agents and tasks for complex, multi-step workflows.
- Manage task dependencies, parallel execution, and agent orchestration.
- Provides built-in patterns for sequential, parallel, and pipeline execution.
- Robust workflow management including error handling, state tracking, and recovery.
- Supports spawning, supervising, and communicating with subagents.
- Includes workflow templates for research, content creation, and software development.
Metadata
Frequently Asked Questions
What is Task Orchestra?
Coordinate multiple agents and tasks for complex workflows. Orchestrate subagents, manage dependencies, handle parallel execution, and ensure successful comp... It is an AI Agent Skill for Claude Code / OpenClaw, with 823 downloads so far.
How do I install Task Orchestra?
Run "/install task-orchestra" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Task Orchestra free?
Yes, Task Orchestra is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Task Orchestra support?
Task Orchestra is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Task Orchestra?
It is built and maintained by tobisamaa (@tobisamaa); the current version is v1.0.0.
More Skills