ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Parallel Coding

v1.0.0

使用 git worktree + 编码智能体实现多任务并行开发。当需要同时处理多个开发任务、避免串行等待、或需要在多个分支间快速切换时触发。支持 Claude Code、Codex 等编码智能体的并行调度。

0· 11·0 current·0 all-time
by@hunwenpinghao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The stated purpose (using git worktree to run multiple coding agents in parallel) matches the instructions and examples: creating worktrees, running agents in each worktree, committing, pushing, and creating PRs. That overall workflow is coherent for the described goal. However, the skill never declares the need for git or agent credentials even though the instructions assume the ability to push and create PRs and to invoke remote agent CLIs — an omission that reduces coherence.
!
Instruction Scope
The SKILL.md tells the agent to run third-party agent CLIs (claude, codex, opencode) and explicitly recommends sourcing the user's shell config (source ~/.zshrc). Sourcing shell RC can expose environment variables and secrets. The instructions also recommend a '--permission-mode bypassPermissions' flag, which suggests disabling permission controls; that directly expands the agent's runtime authority beyond normal bounds. The doc expects agents to commit, push, and create PRs but gives no guidance for safe credential handling, scoping, or sandboxing.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That minimizes direct install-time risk (nothing is downloaded or written by the skill itself).
!
Credentials
requires.env lists none, but the workflow implicitly needs: (1) credentials for git push/PR (SSH keys or tokens) and (2) credentials/API keys or CLI configuration for the referenced agent CLIs (Claude/Codex/OpenCode). The instructions also tell users to source shell startup files, which can leak secrets stored there. Asking for no declared environment/credential requirements while instructing operations needing secrets is disproportionate and confusing.
!
Persistence & Privilege
The skill itself is not marked always:true, but it explicitly recommends using a '--permission-mode bypassPermissions' flag when invoking coding agents. Combined with the platform's normal ability for agents to invoke skills autonomously, this advice materially increases the risk surface: it encourages disabling runtime permission checks and enabling agents to act with fewer restrictions (e.g., pushing code, creating PRs) without documenting safeguards.
What to consider before installing
This skill's goal (parallel worktrees + coding agents) makes sense, but the instructions recommend actions that can expose secrets and weaken safety controls. Before using it: (1) ask the author to declare required credentials (git remote auth, agent API keys) and explain how those are scoped/stored; (2) avoid sourcing ~/.zshrc or other shell files that may contain secrets — load only the minimal env vars you explicitly trust; (3) do not use any 'bypassPermissions' or similar flags unless you fully understand and accept the risk; (4) prefer least-privilege credentials (deploy keys or repo-scoped tokens) and test on a non-critical repository first; (5) confirm whether the agent CLIs actually perform push/PR operations automatically and require human review steps. If the author cannot justify credential handling and the bypassPermissions recommendation, treat the skill as unsafe to run on sensitive repositories.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cth1kevx4226rcgf2fpaas9843s41

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Git Worktree 并行开发

核心理念

一个仓库,多个工作目录,多个编码智能体同时干活。

方案优点缺点
git stash + checkout简单串行等待,编译缓存丢失
git worktree真正并行,环境隔离目录多,磁盘占用略大

快速开始

# 1. 创建 worktree(基于 main 分支)
git worktree add -b feature-a ../project-feature-a main
git worktree add -b feature-b ../project-feature-b main

# 2. 列出所有 worktree
git worktree list

# 3. 并行派发任务给编码智能体
cd ../project-feature-a && claude --permission-mode bypassPermissions --print '实现用户登录功能'
cd ../project-feature-b && codex '添加数据导出功能'

# 4. 清理 worktree
git worktree remove ../project-feature-a
git worktree prune  # 清理已删除分支的 worktree

工作流程

标准流程

1. 接收多个任务 → 规划 → 拆解
2. 为每个任务创建 worktree
3. 并行派发给编码智能体(Claude Code / Codex)
4. 智能体各自开发、测试、提交
5. 创建 PR/MR,等待审核
6. 审核通过后合并
7. 清理 worktree

命名规范

# 推荐命名:项目名-功能名
../myapp-feature-auth
../myapp-feature-export
../myapp-hotfix-login-bug

编码智能体调用

Claude Code

# 非交互模式(推荐用于并行任务)
cd /path/to/worktree
claude --permission-mode bypassPermissions --print '任务描述'

# 注意:需要先 source shell 配置加载环境变量
source ~/.zshrc && claude --permission-mode bypassPermissions --print '任务描述'

Codex

# 需要交互式终端
codex '任务描述'

OpenCode

# 需要交互式终端
opencode '任务描述'

最佳实践

1. 合并权在用户

智能体只负责开发,不自己合并代码

  • 智能体:开发 → 提交 → push → 创建 PR/MR
  • 用户:审核代码 → 合并到 main

2. 编译缓存保留

大型项目切换分支通常需要重新编译,worktree 各自保留编译缓存:

project-main/build/       ← main 的编译产物
project-feature-a/build/  ← feature-a 的编译产物

3. 及时清理

# 查看所有 worktree
git worktree list

# 删除指定 worktree
git worktree remove ../project-feature-a

# 清理无效引用(分支已删除但 worktree 目录还在)
git worktree prune

4. 冲突处理

如果两个 worktree 修改了同一文件:

  1. 各自独立开发,各自提交
  2. PR 时解决冲突
  3. 或者重新规划任务边界

常见问题

Q: worktree 会复制整个仓库吗?

不会。worktree 共享 .git 目录,只有工作目录是独立的。磁盘开销主要来自工作文件和编译产物。

Q: 可以基于已有分支创建 worktree 吗?

# 基于已有分支
git worktree add ../project-feature existing-branch

# 基于新分支
git worktree add -b new-branch ../project-new main

Q: worktree 之间可以合并吗?

可以,但通常走 PR 流程。直接合并:

cd ../project-main
git merge feature-a

Q: 忘记删除 worktree 怎么办?

git worktree list          # 查看所有 worktree
git worktree prune         # 清理已删除目录的引用

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…