Agent Swarm Workflow

Pass. Audited by ClawScan on May 10, 2026.

Overview

This is a disclosed multi-agent coding workflow, but users should supervise it because it coordinates several agents that can edit project code and communicate through external tools.

Install only if you intend to run a supervised multi-agent coding workflow. Use a clean branch or worktree, confirm the external tools are trusted, keep secrets out of project instructions and Agent Mail, and review all code changes before merging.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Several agents may make project changes at the same time, increasing the chance of conflicts or unintended edits.

Why it was flagged

The workflow explicitly spawns multiple coding agents. This is central to the skill’s purpose, but it can multiply the impact of mistakes if run without branch isolation or review.

Skill content

ntm spawn myproject --cc=3 --cod=2 --gmi=1

Recommendation

Run the swarm in a dedicated branch or worktree, review diffs before merging, and limit the number of agents to what you can supervise.

What this means

Agents may exchange project details or task instructions through Agent Mail, so untrusted participants or misconfigured servers could influence the workflow.

Why it was flagged

The skill relies on inter-agent messaging for coordination. This is disclosed and purpose-aligned, but the artifact does not define message identity, trust boundaries, or what project information may be shared.

Skill content

Then register with MCP Agent Mail and introduce yourself to the other agents.

Recommendation

Use a trusted Agent Mail server, verify participating agents, and avoid putting secrets or sensitive customer data in inter-agent messages.

Note, High Confidence

ASI08: Cascading Failures

What this means

One agent’s bad assumption or edit could affect other agents’ work and spread through the project before a human notices.

Why it was flagged

The workflow asks agents to autonomously pick and execute tasks while coordinating with others. That is expected for this skill, but a mistaken task choice or code change could be propagated across the swarm.

Skill content

Pick the next bead you can actually do usefully now and start coding on it immediately; communicate what you're working on to your fellow agents and mark beads appropriately as you work.

Recommendation

Use small beads, require tests, checkpoint frequently, and review agent outputs before accepting or merging changes.

What this means

The safety and behavior of the workflow depend on external components not included in the reviewed artifact.

Why it was flagged

The instruction-only skill depends on external tools and a local script path, while the registry metadata declares no required binaries or install spec. This is not evidence of malicious intent, but users must verify those tools separately.

Skill content

Agent Mail server running (`am` or `~/projects/mcp_agent_mail/scripts/run_server_with_token.sh`)
5. **NTM** available for session management

Recommendation

Install NTM, Agent Mail, Beads, and BV only from trusted sources, and inspect any local scripts before running them.