Coding Swarm Agent
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a powerful multi-agent coding orchestrator that can run other AI coding tools, keep sessions alive, and push code automatically, but its scope and safety controls are broad enough that users should review it carefully before use.
Install only if you are comfortable with a swarm of local AI coding agents operating on your repositories. Prefer a disposable or single-user repo first, keep secrets out of the working tree, use branches/CI instead of direct main pushes, review the shell scripts, and require explicit approval before commits, pushes, or deployment.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A small edit the user expected the main agent to make directly could instead trigger the swarm process with extra agents and commits.
The advertised invocation boundary says not to use the skill for one-line edits, but the later rule forces dispatch for even one-line project changes, which can redirect simple user requests into a multi-agent workflow.
description: "... NOT for: simple one-liner edits (just edit directly) ..." ... "Even a 1-line fix goes through cc-plan + codex ... Does this touch the project directory? → YES → dispatch to agent. Always."
Resolve the contradictory rules and require explicit user confirmation before invoking the swarm for small or simple edits.
An agent could commit and push unintended files, including untracked local files, or make repository changes without a separate human review step.
The template tells spawned coding agents to run with bypassed permission prompts and then stage all files and push to the remote repository, which is broad mutation authority for an automated agent.
claude --permission-mode bypassPermissions --no-session-persistence ... ... git add -A && git commit -m "[预写好的 conventional commit message]" && git push
Avoid bypassPermissions by default, stage only explicitly scoped files or use safer `git add -u`, and require user approval or CI gates before pushing.
Remote repository changes and provider usage may be attributed to the user or consume the user's quotas.
These commands rely on the user's existing Claude Code and Git credentials/sessions. That is expected for this workflow, but it means actions are performed under the user's identity.
scripts/dispatch.sh cc-frontend T010 ... claude ... ... git add -A && git commit ... && git push
Use least-privilege Git credentials, separate test repositories/accounts where possible, and verify which provider sessions the spawned agents will use.
Users may not realize which local tools and scripts are involved until runtime.
The package includes numerous runnable scripts and expects local tooling, but the registry metadata does not declare source provenance, required binaries, or setup requirements.
Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill ... Required binaries ... none ... 18 code file(s)
Review the included scripts and declare required binaries, provider CLIs, and provenance before relying on the skill in a real repository.
Incorrect, stale, or sensitive information in these files could influence future agent behavior or expose project details to spawned tools.
The skill stores project context and automatic retrospective records that can be reused by future planning and agent prompts.
`context.md` — project background, architecture decisions, caveats ... `retro.jsonl` — retrospective records appended automatically after each swarm task completes
Keep project memory files free of secrets, review them periodically, and treat stored context as untrusted input that needs verification.
A mistaken agent change can quickly propagate to the main branch and affect other work, with limited containment or rollback support.
The included architecture review explicitly identifies that multiple agents push directly to main without CI, locks, or PR isolation, which can allow one bad task to affect the shared branch.
"Main branch only + atomic commit" ... "No CI" ... "If two people run the swarm at the same time, two groups of agents push commits to the same main, and file isolation relies on manual discipline. There are no locks, no merge-conflict detection, and no CI gates."
Use branches or worktrees, CI checks, batch-level rollback, and human approval gates before merging or deploying swarm-generated changes.
A user may believe review and next-task dispatch are more automatic or reliable than they actually are.
The package itself records that the automation description was materially misleading; related reference material still presents a highly automated workflow, so users may over-trust the safety and completeness of the loop.
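H5 — SKILL.md's description of the degree of automation is seriously misleading ... in practice on-complete.sh only sends `openclaw system event` ... the documentation seriously overestimates the degree of automation.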
Make the automation model explicit and consistent across SKILL.md and reference docs, including what is script-driven, what is AI-driven, and where humans must approve.
Agents or background orchestration may continue operating after the initial task unless the user understands and stops the session lifecycle.
The workflow keeps fixed agent sessions alive, manages dynamic sessions, and can trigger follow-on deployment behavior, showing persistent autonomous activity beyond a single command.
Fixed sessions (never automatically created/destroyed) ... task completes → on-complete.sh syncs agent-pool state ... all tasks complete → automatically close all dynamic sessions → trigger codex-deploy
Provide explicit start/stop controls, show active sessions clearly, and require user approval before deployment or other post-completion automation.
