Workplace
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is broadly consistent with managing project workspaces, but it creates persistent multi-agent workflows where local project files can become agent instructions and can trigger other agents without clearly defined trust boundaries.
Install only if you want persistent, project-level multi-agent orchestration. Before starting agents or the kernel, review .workplace/agents/*.md and chat.md behavior, use it only in trusted repositories, and be aware that it may write IDE instruction files and persistent memory for the workspace.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A line added to the workspace chat file by mistake, by another local process, or by unreviewed project content could cause the agent system to start or steer another agent with attacker-controlled context.
The skill uses a plain project file, chat.md, as the routing channel for starting other agents. The provided protocol treats sender names as text and does not show authentication, origin validation, or user approval before the next agent is started.
When a handoff message is detected: - Read the full `chat.md` for conversation context - Start the target agent with the handoff context included
Only use this in trusted project directories. Add explicit approval before handoffs start new agents, validate allowed senders and recipients, and keep an audit trail of which file change triggered each agent.
If a workspace or imported project contains untrusted .workplace/agents/*.md files, those files could influence how spawned agents behave.
The sub-agent prompt deliberately incorporates the body of a workspace Markdown agent definition. This is core to the skill, but it means project-local Markdown can become authoritative instructions for spawned agents.
{Body of agent .md file}
Communication:
- Write to .workplace/chat.md to communicate with other agentsReview agent definition files before starting agents, especially in cloned or shared repositories.
Project details may persist beyond the current chat and affect later sessions for the same workplace.
The kernel agent is instructed to persist project summaries and facts into long-term memory. This matches the skill’s isolated-memory purpose, but it creates durable context that may be reused later.
Save structure summaries and key project facts to supermemory using `containerTag: {workplace_uuid}`.Use this only for projects where persistent memory is acceptable, and provide a clear way to review or clear stored memory.
The skill may continue scanning or updating workplace state after being started, until stopped.
The skill defines a persistent kernel agent that monitors and updates workplace state. This is disclosed and purpose-aligned, but users should notice that it is intended to keep operating in the background.
persistent: true ... You run persistently in the background to maintain awareness of the project's file structure
Start persistent agents only when needed, confirm how to stop them, and check process-status.json for running components.
Users may not realize the skill relies on local scripts and a file-watcher server until they read the docs.
The package is described as instruction-only but includes helper scripts and a Rust server workflow. This does not show malicious behavior, but the executable/helper surface is under-declared in the install metadata.
No install spec — this is an instruction-only skill. Code file presence 5 code file(s): scripts/build.sh ... scripts/rust-server/src/main.rs ...
Declare helper command and runtime requirements clearly, and review scripts before building or running the watcher.