Parallel Coding

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is a coherent parallel-development guide, but it recommends running coding agents with permission bypass and allowing them to commit, push, and create PRs, which deserves careful review.

Use this skill only in repositories where you are comfortable letting coding agents make changes. Prefer avoiding '--permission-mode bypassPermissions', keep worktrees on feature branches, use scoped Git credentials where possible, and manually review diffs, tests, pushes, and PRs before merging.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A coding agent could make or run changes in the worktree without the usual permission checks, increasing the chance of unintended edits, commands, or repository changes.

Why it was flagged

The skill explicitly recommends invoking a coding agent with permission bypass for development tasks, reducing or removing normal approval prompts for potentially broad file and command actions.

Skill content

claude --permission-mode bypassPermissions --print '实现用户登录功能'

Recommendation

Avoid permission-bypass mode unless you fully trust the task and repository context; prefer normal permission prompts, scoped worktrees, and manual review of diffs and commands.

What this means

Agents may create persistent remote repository changes such as pushed branches or pull requests, even though final merge is reserved for the user.

Why it was flagged

The workflow delegates commit, push, and PR/MR creation to coding agents, which may use the user's repository credentials or configured Git hosting access.

Skill content

- Agent: develop → commit → push → create PR/MR
- User: review code → merge into main

Recommendation

Use least-privilege Git credentials, work on non-protected feature branches, and review pushed commits and PR contents before merging.

What this means

Parallel agents may edit related files or produce conflicting branches, requiring careful review and conflict resolution.

Why it was flagged

The skill's core workflow intentionally runs multiple coding agents in parallel across worktrees, which can create conflicting or compounding changes if tasks overlap.

Skill content

Multiple working directories, multiple coding agents working at the same time.

Recommendation

Split tasks clearly, keep branches isolated, run tests, and review each PR before merging.