Lattice

Review

Audited by ClawScan on May 10, 2026.

Overview

Lattice is a transparent template-based multi-agent project pipeline with no install code, but it creates persistent project memory and can guide cron-scheduled sub-agents, so use it with clear limits.

Before installing, decide which workspace the ORG directory may manage, keep secrets out of project memory and logs, review the generated pipeline configuration, and enable cron, peer consult, and auto-triage only when you are comfortable with ongoing autonomous project work.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If enabled, the pipeline can create sub-agent sessions that read and modify project files according to the configured phase prompts.

Why it was flagged

The orchestrator template explicitly delegates phase work to spawned sessions. This is central to the skill's purpose, but it can launch multiple model sessions that perform project work and consume tokens.

Skill content

Delegate ALL work via `sessions_spawn` ... sessions_spawn(agentId=roles[phase].agentId, model=roles[phase].model, task=Filled Prompt)

Recommendation

Configure only trusted agents and models, start with manual runs, and review generated tasks and outputs before enabling scheduled automation.

What this means

Scheduled orchestrators can keep running after setup, causing ongoing file changes, model usage, and project state updates.

Why it was flagged

The skill is designed for long-running, scheduled autonomous operation across projects. This is disclosed and purpose-aligned, but it is persistent agent activity.

Skill content

Multi-project parallel execution — Run multiple projects simultaneously, each with its own cron-scheduled orchestrator.

Recommendation

Enable cron only for projects you intend to automate, use conservative schedules, and keep an easy way to pause or disable the orchestrator.

What this means

Incorrect, stale, or sensitive information placed in these files can influence future agent work across sessions.

Why it was flagged

The framework intentionally stores durable organizational, department, and project memory that future agents read and trust.

Skill content

Goal: Agents don't rely on "remembering" — the process automatically persists knowledge to inheritable locations.

Recommendation

Keep the ORG directory access-controlled, review important updates, and follow the template's own rule not to store secrets, tokens, or passwords.

What this means

Private code or logs may be shared with multiple configured model sessions during troubleshooting.

Why it was flagged

The peer-consult flow can send code, logs, and error context to several consultant model sessions. This is disclosed and purpose-aligned, but it expands where project context is processed.

Skill content

Collect error context: Failure logs + relevant code + error msg + tried approaches ... For each model in config.peerConsult.consultModels, spawn consultant in parallel

Recommendation

Do not include secrets in logs or code snippets, choose approved models/providers, and disable peer consult for sensitive projects if needed.

What this means

A project may proceed with relaxed requirements or deferred work until a later review catches it.

Why it was flagged

Auto-triage can relax constraints or defer tasks and then continue the pipeline. The artifacts include guardrails, but this can propagate imperfect decisions into later phases.

Skill content

IF decision == "RELAX" ... Re-spawn original phase task with relaxed constraints ... IF decision == "DEFER" ... continue with remaining tasks

Recommendation

For critical projects, require human approval for RELAX or DEFER decisions, lower the allowed limits, or disable auto-triage.