Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nm Sanctum Do Issue

v1.0.0

Parallel subagent execution with code review gates between task batches for issue resolution

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill declares no required env vars or binaries but the runtime instructions clearly assume authenticated Git CLIs (gh/glab), access to the repository (git commits/branches), and an experimental env var (CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS). The SKILL metadata lists required config hooks (leyline and various superpowers) which is coherent, but the absence of explicit credential requirements is a mismatch that could hide necessary permissions.
Instruction Scope
Instructions tell the agent to fetch issues, run gh/glab commands, create commits and a single branch with all subagent commits, and—critically—post 'tooling learnings' to the external night-market GitHub discussions. That outgoing post step can leak repo-specific or sensitive data. The guide also instructs process-level actions (e.g., kill -SIGINT <claude_pid>) and filesystem coordination for agent teams; those are powerful operations and widen the skill's impact beyond purely local issue-processing.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest installation risk. Nothing is downloaded or written by an installer step.
Credentials
The skill requests no declared credentials yet requires authenticated Git CLIs and an experimental CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS env var for agent-teams. It also prescribes posting tooling feedback to a third‑party GitHub repository (github.com/athola/claude-night-market), which may cause exfiltration of repo/tooling context. The required config paths (leyline and superpowers) are reasonable for its purpose, but the undocumented expectation of git credentials and the external posting step are disproportionate without clearer consent/controls.
Persistence & Privilege
always:false (good), but the skill is allowed to run autonomously and its normal behavior includes committing code, creating PRs, and posting external feedback. Autonomous invocation combined with the external-post instruction increases blast radius: the agent could autonomously push repo changes and leak context unless constrained. The skill does not modify other skills' configs, which is good.
What to consider before installing
This skill appears to implement the described parallel-issue workflow, but take these precautions before installing:

  • Understand and control credentials: the skill assumes gh/glab are available and authenticated and may use your git credentials to commit and create PRs. Only enable it where you trust those credentials (e.g., a sandbox or a non-production repo).
  • Watch for data exfiltration: the SKILL.md explicitly instructs posting 'tooling learnings' to an external GitHub discussions page (athola/claude-night-market). If your workflow or review notes could contain proprietary code, sensitive issue descriptions, or internal URLs, this could leak confidential information. Disable or remove that post step or require explicit user confirmation before posting.
  • Require explicit consent for pushes/PRs: because the skill centralizes all subagent work onto a single branch and automatically commits and opens PRs, run it in a protected/testing environment first and prefer manual gating for PR creation and merges.
  • Validate environment variables it expects: set and verify CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS only if you intend to use agent teams; otherwise run with --no-agent-teams or in Task-tool mode. Confirm tmux and local terminal availability if you plan to use agent teams to avoid unrecoverable hangs.
  • Run a dry-run: if the skill supports a non-destructive dry-run or --scope minor/test mode, use that to observe behavior without committing changes.

If you want a safer install: request the author to (1) declare required env vars/credential expectations in the registry metadata, (2) make external-posting opt-in with explicit confirmation, and (3) provide a 'dry-run' mode that never pushes, opens PRs, or posts to external endpoints.
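The mismatch the scan describes (instructions that rely on gh/glab, tmux, kill and CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS while declaring none of them, plus a post to an outside repository) can be checked statically before a skill is enabled. The sketch below is an added example, not the ClawHub or OpenClaw scanner; the watch list, the `audit_skill` function, the sample text and the `example-org/example-repo` working repository are assumptions constructed for illustration.

```python
import re

# Assumed watch list: binaries whose use implies credentials or process control.
WATCHED_BINS = ("gh", "glab", "git", "tmux", "kill")
# Match a watched name only as a standalone token (not "git-platform" or "github").
BIN_RE = re.compile(r"(?<![\w./:-])(" + "|".join(WATCHED_BINS) + r")(?![\w-])")
# Environment-variable style names: upper case with at least one underscore.
ENV_RE = re.compile(r"\b[A-Z][A-Z0-9]+(?:_[A-Z0-9]+)+\b")
# owner/repo part of any GitHub URL mentioned in the instructions.
REPO_RE = re.compile(r"github\.com/([\w.-]+/[\w.-]+)")

# Constructed sample: instruction lines paraphrased from the skill text on this page.
SAMPLE_SKILL = """\
Fetch issue: gh issue view <N> --json title,body,labels,comments
GitLab: glab issue view <N>
Requires: tmux, CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1
If a teammate hangs: kill -SIGINT <claude_pid>
Post tooling learnings to https://github.com/athola/claude-night-market/discussions
"""


def audit_skill(instructions, declared_env, declared_bins, working_repo):
    """Compare what the instructions use against what the metadata declares."""
    used_bins = {m.group(1) for m in BIN_RE.finditer(instructions)}
    used_env = set(ENV_RE.findall(instructions))
    repos = {r.rstrip(".,").lower() for r in REPO_RE.findall(instructions)}
    return {
        # Binaries the agent will run that the registry entry never mentions.
        "undeclared_bins": sorted(used_bins - set(declared_bins)),
        # Environment variables the instructions expect but do not declare.
        "undeclared_env": sorted(used_env - set(declared_env)),
        # Repositories other than the one being worked on: possible outbound posts.
        "external_repos": sorted(repos - {working_repo.lower()}),
    }


if __name__ == "__main__":
    # The scan states the skill declares no env vars or binaries, hence empty lists.
    report = audit_skill(SAMPLE_SKILL, [], [], "example-org/example-repo")
    for finding, values in report.items():
        print(f"{finding}: {', '.join(values) or 'none'}")
```

Any non-empty list is a reason to hold the install until the author declares the requirement or the external post is made opt-in.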

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

⚙️ Clawdis
Config: night-market.leyline:git-platform, night-market.superpowers:subagent-driven-development, night-market.superpowers:writing-plans, night-market.superpowers:test-driven-development, night-market.superpowers:requesting-code-review, night-market.superpowers:finishing-a-development-branch
MIT-0

Night Market Skill — ported from claude-night-market/sanctum. For the full experience with agents, hooks, and commands, install the Claude Code plugin.

Fix Issue(s)

Retrieves issue content from the detected git platform (GitHub, GitLab, or Bitbucket) and uses subagent-driven-development to systematically address requirements, executing tasks in parallel where dependencies allow.

Platform detection is automatic via the leyline:git-platform SessionStart hook. Check session context for git_platform: to determine which CLI to use.

Key Features

  • Cross-Platform: Automatically detects GitHub/GitLab/Bitbucket and uses appropriate CLI
  • Flexible Input: Single issue number, platform URL, or space-delimited list
  • Parallel Execution: Independent tasks run concurrently via subagents
  • One PR: All issues produce one consolidated PR (never per-issue PRs)
  • Quality Gates: Code review between task groups
  • Fresh Context: Each subagent starts with clean context for focused work

Workflow Overview

| Phase | Description | Module |
|---|---|---|
| 1. Discovery | Parse input, fetch issues, extract requirements | issue-discovery |
| 2. Planning | Analyze dependencies, create task breakdown | task-planning |
| 3. Execution | Dispatch parallel subagents for independent tasks | parallel-execution |
| 4. Quality | Code review gates between task batches | quality-gates |
| 5-6. Completion | Sequential tasks, final review, issue updates | completion |

Required TodoWrite Items

  1. do-issue:discovery-complete
  2. do-issue:tasks-planned
  3. do-issue:parallel-batch-complete
  4. do-issue:review-passed
  5. do-issue:sequential-complete
  6. do-issue:issues-updated

Forge CLI Commands

Use the platform detected in session context (git_platform:). See Skill(leyline:git-platform) for full mapping.

| Operation | GitHub (gh) | GitLab (glab) |
|---|---|---|
| Fetch issue | gh issue view <N> --json title,body,labels,comments | glab issue view <N> |
| Comment | gh issue comment <N> --body "msg" | glab issue note <N> --message "msg" |
| Close | gh issue close <N> --comment "reason" | glab issue close <N> |
| Search | gh issue list --search "query" | glab issue list --search "query" |

Verification: Run the command with --help flag to verify availability.

Agent Teams (Default Execution Mode)

Agent teams is the default parallel execution backend for do-issue. Teammates coordinate via filesystem-based messaging, enabling real-time communication when shared files or dependencies are discovered mid-implementation.

Automatic downgrade: For single issues with --scope minor, agent teams is skipped (Task tool or inline execution is used instead). Use --no-agent-teams to force Task tool dispatch for any invocation.

Requires: Claude Code 2.1.32+, tmux, CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1. If prerequisites are missing, silently falls back to Task tool dispatch.

# Agent teams configuration
fix_issue:
  agent_teams:
    enabled: true           # on by default; --no-agent-teams to disable
    max_teammates: 4        # limit concurrent workers
    model: sonnet           # teammate model (lead uses current model)
    auto_downgrade: true    # skip agent teams for --scope minor

See modules/parallel-execution.md for detailed agent teams patterns.

Configuration

fix_issue:
  parallel_execution: true
  max_parallel_subagents: 3
  review_between_batches: true
  auto_close_issues: false
  commit_per_task: true

Detailed Resources
