ClawHub
Back to skill
v1.0.0

Agent Swarm Workflow

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:14 AM.

Analysis

This workflow is not malicious, but it should be reviewed carefully because it tells multiple AI agents to coordinate and edit a codebase with limited built-in approval or containment guidance.

GuidanceUse this skill only if you intentionally want a supervised multi-agent coding workflow. Run it in an isolated git branch or worktree, verify the external tools, restrict Agent Mail to trusted agents, monitor spawned sessions, and require human review before accepting, merging, or deploying any changes.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
SKILL.md
Pick the next bead you can actually do usefully now and start coding on it immediately ... fix or revise them if necessary ... Don't restrict yourself to the latest commits, cast a wider net

The workflow grants agents broad code-modification authority and encourages immediate autonomous edits, including edits to other agents' work, without explicit human approval or containment steps.

User impactAgents could make wide, conflicting, or unintended changes to the project before a human reviews them.
RecommendationUse this only in an isolated branch or disposable worktree, require human review before merges or deployments, and add explicit limits on which beads/files agents may change.
Rogue Agents
SeverityLowConfidenceHighStatusNote
SKILL.md
ntm spawn myproject --cc=3 --cod=2 --gmi=1 ... Keep running this until they stop finding bugs.

The workflow intentionally creates multiple agent sessions and can keep them iterating; this is disclosed, but the artifact does not include explicit stop or teardown instructions.

User impactMultiple agent sessions may continue consuming resources or making changes until the user actively supervises and stops them.
RecommendationTrack all spawned sessions, set clear completion criteria, and shut down NTM/tmux agents when the workflow is finished.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
Agent Mail server running (`am` or `~/projects/mcp_agent_mail/scripts/run_server_with_token.sh`) ... NTM available for session management

The skill depends on external local tools and a referenced helper script that are not included in the artifact set; this is expected for an instruction-only workflow but requires user-side provenance checks.

User impactThe safety of the workflow depends partly on the user's installed NTM, Agent Mail, Beads, and BV tooling.
RecommendationVerify those tools are installed from trusted sources and match the expected versions before using the workflow.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
register with MCP Agent Mail and introduce yourself to the other agents ... check your agent mail and ... respond if needed to any messages

The workflow relies on MCP Agent Mail for coordination among agents, but the visible instructions do not specify trust boundaries, message origin checks, or what project information may be shared.

User impactProject details and task coordination may be shared through the Agent Mail system, and untrusted peer messages could influence agent behavior if the environment is not controlled.
RecommendationUse Agent Mail only with trusted local agents, restrict access to the mail server, and instruct agents not to treat peer messages as authority to make high-impact changes without verification.