Multi Workplace
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill looks purposeful, but it should be reviewed carefully because it can create persistent agents and memory, write IDE instructions, modify multiple project folders, and let chat-file messages start agents.
Install only if you are comfortable with a skill that can write project metadata, spawn sub-agents, maintain project memory, and update IDE instruction files. Before use, review `.workplace/agents/*.md`, inspect generated IDE diffs, avoid running recursive init on broad parent folders without backups, and stop the kernel/file watcher when you do not want ongoing monitoring.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anything that can append a valid message to the project chat file could steer or trigger additional agents within that workplace.
The handoff mechanism treats file-watcher messages as routing instructions for spawning agents, but the artifacts do not define sender authentication, provenance checks, or user approval before acting on those messages.
When a handoff message is detected: ... Read the full `chat.md` ... Start the target agent with the handoff context included
Require explicit user approval for chat-triggered agent starts, validate sender and recipient against an allowlist, and record message provenance before routing handoffs.
An unreviewed workplace configuration could leave lasting instructions in coding tools even after the original task is over.
Agent definitions and workplace context can be converted into persistent IDE instructions that always apply, so poisoned or imported agent text can influence future Cursor, Claude Code, or OpenCode sessions.
globs: alwaysApply: true ... Read each `.workplace/agents/*.md` ... Write `.cursor/rules/workplace.mdc`
Show a diff and ask before writing IDE instruction files, sanitize or summarize untrusted agent definitions, and provide a cleanup command for generated IDE context.
One command can modify multiple project directories and registry state, which may surprise users or create unwanted files across repositories.
Running init on a parent directory with child Git repositories recursively initializes child workplaces; the visible script begins those writes without showing a pre-action confirmation or dry-run gate.
echo "🔄 Initializing child workplaces..." ... "$0" "$child_dir" --name "$CHILD_NAME"
Add a dry-run summary and require confirmation before recursively initializing or cross-linking child workplaces.
Custom or imported agent files can strongly shape what sub-agents do.
Local agent Markdown is intentionally promoted into high-authority instructions for spawned sub-agents.
Read the agent's `.md` file ... Build system prompt: ... {Body of agent .md file} ... `sessions_spawn` with this system promptReview `.workplace/agents/*.md` before starting agents, especially in imported or untrusted projects.
The skill may keep monitoring project structure and writing status or memory after being started.
The kernel agent is documented as persistent background behavior with memory writes; start and stop commands are also documented, so this is disclosed but important.
persistent: true ... You run persistently in the background ... save key information to long-term memory.
Start the kernel only for projects where ongoing monitoring is desired, and use the documented stop command when finished.
A build from source may pull newer compatible dependency versions than the author originally tested.
Building the watcher resolves external Rust dependencies using broad version ranges. This is common and purpose-aligned, but it is less reproducible than a pinned lockfile.
notify = "7"
serde = { version = "1", features = ["derive"] }
serde_json = "1"Prefer a reviewed release build or add a committed Cargo.lock and dependency pinning for reproducible builds.