Agent Swarm Orchestrator

This package is functionally consistent with its stated purpose (automating agent-driven code work), but it deserves caution before installing. Things to consider: 1) Credential surface: The scripts assume you have active auth for Claude (~/ .claude.json), Codex/OpenAI, GitLab (glab/SSH keys), and openclaw; the skill does not declare or restrict these. Only install this into an account whose repo and messaging credentials you trust to be used by automation. 2) Automatic merges and writebacks: The orchestrator can clone, modify, commit, push, create MRs, and merge them (and write back to your Obsidian notes). If you enable the cron jobs or the intent→action mapping, merges may run automatically on agent output. Consider requiring manual approvals for merges or running in a less-privileged repository/account. 3) Bypassing safeguards: The code intentionally uses flags that skip permission prompts and bypass approval/sandbox checks for Claude/Codex — this reduces human review and increases the risk of unsafe code being committed. Remove or review these flags before use. 4) Isolation recommendation: Run this on a dedicated machine/account or with limited-scoped GitLab tokens (least privilege), restrict what projects the registry.json lists, and test on a sandbox repository first. 5) Inspect and adapt: Review and edit the scripts to force explicit confirmations for destructive actions (merge, rebase with conflicts, worktree removal), log and alert to separate channels you control, and ensure notification targets (Telegram chat IDs or webhooks) are correct and trusted. 6) Backup: Back up important repositories and disable automatic cron entries until you are confident in behavior. If you want, I can: (a) list all lines that perform network pushes/merges or modify notes, (b) propose edits to add manual confirmation gates, or (c) generate a minimal safe configuration (registry.json example + reduced-perm cron lines) for a sandboxed test.