Skip to main content

Butler - AI Agent Treasury & Orchestration Skill

Butler automates token management and agent orchestration for AI tasks, optimizing resource allocation and enhancing operational efficiency.

Install this skill

or
18/100

Security score

The Butler - AI Agent Treasury & Orchestration Skill skill was audited on Feb 9, 2026 and we found 16 security issues across 2 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 89

Direct command execution function call

SourceSKILL.md
89// Simple spawn (auto-decompose)
medium line 34

Template literal with variable interpolation in command context

SourceSKILL.md
34console.log(`✅ Allocated ${allocation.allocated} tokens on ${allocation.provider}`);
medium line 115

Template literal with variable interpolation in command context

SourceSKILL.md
115console.log(`Sub-task ${result.subTaskId}:`);
medium line 116

Template literal with variable interpolation in command context

SourceSKILL.md
116console.log(` Status: ${result.status}`);
medium line 117

Template literal with variable interpolation in command context

SourceSKILL.md
117console.log(` Tokens: ${result.tokensUsed}`);
medium line 118

Template literal with variable interpolation in command context

SourceSKILL.md
118if (result.error) console.log(` Error: ${result.error}`);
medium line 245

Template literal with variable interpolation in command context

SourceSKILL.md
245console.log(`
medium line 280

Template literal with variable interpolation in command context

SourceSKILL.md
280console.log(`
medium line 319

Template literal with variable interpolation in command context

SourceSKILL.md
319console.log(`⚠️ ${aggregated.failed} sub-tasks failed:`);
medium line 323

Template literal with variable interpolation in command context

SourceSKILL.md
323console.log(` - ${d.id}: ${d.error}`);
medium line 350

Template literal with variable interpolation in command context

SourceSKILL.md
350console.log(`
medium line 361

Template literal with variable interpolation in command context

SourceSKILL.md
361console.log(`
medium line 372

Template literal with variable interpolation in command context

SourceSKILL.md
372console.log(`\nAvailable keys: ${available.length}`);
medium line 374

Template literal with variable interpolation in command context

SourceSKILL.md
374console.log(` - ${key.id} (${key.provider}): ${key.limits.tokens_per_day.toLocaleString()} tokens/day`);
low line 477

Access to hidden dotfiles in home directory

SourceSKILL.md
477# Optional - defaults to ~/.openclaw/workspace/api-keys.json
low line 480

Access to hidden dotfiles in home directory

SourceSKILL.md
480# Optional - defaults to ~/.openclaw/workspace/token-manager-state.json
Scanned on Feb 9, 2026
View Security Dashboard
Installation guide →
GitHub Stars 2.2K
Rate this skill
Categoryfinance accounting
UpdatedApril 4, 2026
openclawapicfo-fpabusiness-developmentdata-scientistml-ai-engineerproduct-manageropenaianthropicgroqfinance accountingsalesdata analyticsdevelopmentproduct
openclaw/skills