Is cecwxf/multi-agent-sync safe?
https://github.com/openclaw/skills/tree/main/skills/cecwxf/multi-agent-sync
This skill is a pure markdown workflow guide for multi-agent coordination in chat groups. It contains no executable code, no external URL references, no data exfiltration vectors, and triggered no suspicious behavior during installation. The primary concerns are its forceful behavioral directives (cross-skill chaining with openai-codex-operator, mandatory background watcher creation, and communication channel redirection), which are contextually appropriate for its stated purpose but warrant user awareness.
Findings (5)
LOW Mandatory cross-skill chaining with openai-codex-operator (-10)
The skill explicitly mandates that all coding subtasks use openai-codex-operator (the Codex skill) and that multi-agent orchestration follow multi-agent-sync. This creates implicit skill chaining that the user may not have authorized. If the chained skill contains vulnerabilities, this skill amplifies the exposure.
LOW Instructs creation of persistent background watcher processes (-8)
The skill mandates auto-starting a temporary watcher job using cron/timer patterns at kickoff, with polling cadence of 1-2 minutes. While contextually appropriate for coordination, this creates persistent background activity that may outlive the user's intended session scope.
LOW Communication channel redirection away from main chat (-5)
The skill explicitly instructs the agent to keep the main/direct chat 'lightweight for control messages only' and redirect all substantive output to topic threads. While this is a legitimate UX pattern for group coordination, it means the user's primary interface shows minimal information about what the agent is actually doing.
INFO Forceful behavioral override language throughout (-2)
The skill uses strong directive language ('mandatory', 'must', 'hard requirement', 'rule enforcement') across 15+ behavioral rules. While not malicious, this level of behavioral prescription goes beyond typical skill guidance and aggressively shapes agent behavior.
INFO Unexplained dependency in lock file (-5)
The .clawhub/lock.json references academic-research-hub as an installed skill dependency, which has no obvious relationship to multi-agent synchronization. This is likely residual metadata from the author's environment and poses no direct risk, but is noted for completeness.