Agent Team

The code and SKILL.md align with the stated purpose: managing per‑agent SOUL.md/configs, listing/showing agents, and spawning/chatting by calling OpenClaw CLI. However, the greetings.py file reaches out to third‑party model endpoints (dashscope.aliyuncs.com) and embeds per‑agent api_key placeholders; this is plausible for a multi‑agent launcher but the implementation contains surprising bits (see environment_proportionality).

SKILL.md instructions are generally scoped to creating ~/.openclaw/workspace/agents and using the agent CLI. However a pre-scan flagged unicode control characters inside SKILL.md (prompt‑injection pattern), which can be used to obscure or manipulate text. Also the runtime behavior will pass SOUL.md content directly into subprocess calls (system prompts) — expected, but note that malicious or malformed SOUL.md content could influence spawned agents.

No install spec is provided (instruction + small scripts only), so nothing will be downloaded or installed by the skill itself. This is lower risk from an install mechanism perspective.

The registry lists no required env vars, but greetings.py at the end requires DEEPSEEK_API_KEY (and will raise if it's missing). The AGENTS entries use 'api_key': 'TODO_REPLACE_WITH_ENV' and hardcoded base_url values — the mismatch between declared requirements (none) and code behavior (expectation of API keys and calls to external model endpoints) is disproportionate and likely to cause runtime failures or accidental credential exposure if the user sets keys incorrectly. The skill will also send any provided api_key values to dashscope.aliyuncs.com as Bearer tokens.

always:false and no system‑wide changes are requested. The skill reads/writes only under the user's home workspace (~/.openclaw/workspace) and spawns OpenClaw sessions via subprocesses; it does not alter other skills or request elevated persistence privileges.