Lightweight agent registry and JIT router. Consult BEFORE performing specialized work such as code review, security audit, debugging, refactoring, performanc...
Security Analysis
high confidenceThis is a disclosed agent-router skill, but it can automatically fetch unpinned third-party agent prompts, run them as subagent instructions, and cache them for future sessions.
The stated purpose and behavior align as a router, but the capability includes importing 130+ external prompt agents on demand and treating their content as operational instructions without source pinning or review.
The skill tells the assistant to consult and dispatch before broad categories of specialized work, and to download missing agents on the fly; the workflow does not require user approval or inspection before using fetched prompts.
Although there is no install spec or code, the runtime instructions use shell commands and curl to write remote files from GitHub's main branch into an agents directory; this runtime download mechanism is the main security issue.
The default cache path is ~/.claude/agents while the platform table also references OpenClaw dispatch, so the skill can affect persistent agent state outside the immediate OpenClaw skill context.
Downloaded agent prompts are cached permanently for future sessions, creating persistent instruction state without expiry, hash verification, or built-in cleanup.
Guidance
Install only if you are comfortable with a router that can download third-party agent prompts from GitHub and use them automatically. Prefer reviewing the selected agent files first, pinning the upstream source to a trusted commit, and periodically clearing the cached agents.
Latest Release
v2.0.0
JIT agent dispatch: agents download on demand mid-session instead of requiring pre-installation. TOML index now includes category for URL construction. 99x less context overhead.
Popular Skills
Published by @userfrm on ClawHub
