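📦 Task Orchestra — Multi-Agent Orchestration
v1.0.0 One-click orchestration of multi-agent collaboration: automatically manages dependencies and parallel and serial tasks so that complex workflows complete efficiently and reliably.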
Last updated
2026/4/22
Security scan
OpenClaw
Suspicious
high confidence
Assessment recommendations
This skill's described orchestration features are plausible, but several inconsistencies suggest caution:
- Ask the publisher (or repository) why BRAVE_API_KEY is required and what it's used for; do not provide sensitive tokens until that is explained.
- Confirm why an npm 'async' package and an 'async' binary are installed — that package is normally a JS library, not a CLI. If you must install it, review the exact package and its maintainer and audit the package contents in a sandbox first.
- ...
Detailed analysis
⚠ Purpose and capabilities
The skill claims to coordinate subagents and manage workflows — that aligns with the SKILL.md instructions. However, the declared required environment variable (BRAVE_API_KEY) is unrelated to orchestration and is never referenced in the instructions. The install spec asks for an npm package 'async' and declares it creates a binary named 'async' (the npm 'async' package is a JS library, not a CLI binary). These requirements do not match the stated purpose and are disproportionate or unexplained.
ℹ Instruction scope
The SKILL.md is instruction-only and stays within orchestration concerns (spawn/monitor/kill subagents, dependency resolution, templates). It is quite high-level and grants broad discretion to spawn and manage subagents (including 'self-evolution' uses), which is powerful but consistent with an orchestration skill. The instructions do not reference BRAVE_API_KEY, curl/jq usage, or any external endpoints, and they are vague in ways that could enable wide-ranging agent behavior if the agent platform honors commands like sessions_spawn and subagents kill/steer.
⚠ Install mechanism
An npm install entry is present for package 'async' that purportedly creates a binary 'async'. This is inconsistent: 'async' on npm is a JS library (not a known CLI), and the skill contains no code files that would need that dependency. Installing arbitrary npm packages can introduce supply-chain risk; here the install requirement appears unnecessary or malformed.
⚠ Credential requirements
The skill requires BRAVE_API_KEY but the SKILL.md contains no instructions that use Brave or any external search/API requiring that key. Requiring a secret-like environment variable without justification is disproportionate. No primary credential is declared, and no other env/config paths are requested.
✓ Persistence and privileges
The skill does not request always:true, does not declare system config paths, and is user-invocable only. That is a normal privilege profile. Note: the functional ability to spawn and manage subagents (per the instructions) is powerful — review platform-level permissions for spawning agents before enabling.
Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Versions
latest v1.0.0 2026/2/24
● Suspicious
Install command
Official: npx clawhub@latest install task-orchestra
Mirror: npx clawhub@latest install task-orchestra --registry https://cn.longxiaskill.com