Claude Code Orchestrator (tmux-first)

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill matches its stated tmux-orchestration purpose, but it runs background Claude Code sessions with permissions bypassed and broad shell/SSH authority, so it needs careful review before use.

Install only if you intentionally want a background Claude Code runner. Use it in a disposable worktree or clean git branch, verify the workdir and SSH host, avoid secrets in transcripts, monitor the tmux session, and be ready to kill the session or revert changes if the task drifts.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A task can run tools and change project files without per-action confirmation, so a wrong prompt, wrong directory, or unexpected Claude Code behavior could cause broad changes.

Why it was flagged

The normal workflow explicitly bypasses Claude Code permission prompts while delegating a development task to another agent.

Skill content

Launch `claude --dangerously-skip-permissions` in interactive mode.

Recommendation

Use only in a clean git branch or sandboxed worktree, require explicit user approval for this mode, and prefer normal Claude Code permissions or a narrower allow-list where possible.

What this means

A path containing shell metacharacters or an incorrectly constructed workdir could cause unintended commands to run in the tmux session.

Why it was flagged

The user-supplied workdir is inserted into a shell command without shell-quoting before the command is submitted in tmux.

Skill content

tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -l -- "cd $WORKDIR && export https_proxy=http://127.0.0.1:6152 http_proxy=http://127.0.0.1:6152 all_proxy=socks5://127.0.0.1:6153 && claude --dangerously-skip-permissions"

Recommendation

Validate workdir values and shell-quote them, for example by using `cd -- "$WORKDIR"` in a generated script or `printf %q`/`shlex.quote` before sending commands to tmux.

What this means

A Claude Code task may continue consuming resources or modifying files after the user stops watching unless the session is explicitly checked or killed.

Why it was flagged

The skill starts detached tmux sessions that can keep running outside the immediate chat turn.

Skill content

tmux -S "$SOCKET" new -d -s "$SESSION" -n shell

Recommendation

Add a clear timeout, cleanup command, and explicit user confirmation before starting or restarting long-running sessions.

What this means

If pointed at a sensitive SSH alias or production host, the skill can exercise that account's remote privileges for coding tasks.

Why it was flagged

Remote mode uses the user's SSH/scp access to copy files and run tmux/Claude Code on another host.

Skill content

scp -q "$PROMPT_FILE" "${SSH_HOST}:${REMOTE_REF}"

Recommendation

Use a dedicated, least-privilege SSH account or development host, and confirm the target alias and workdir before running remote tasks.

What this means

Recent task output may include code, file paths, errors, or secrets and could be forwarded for summarization.

Why it was flagged

The documented summary workflow can send task JSON to the OpenClaw gateway; the same section states entries include `lastLines`, which are recent tmux transcript lines.

Skill content

bash {baseDir}/scripts/list-tasks.sh --json | \
  openclaw gateway call summarize-tasks --stdin

Recommendation

Review transcript content before sending summaries, keep captured line counts low, and avoid running this on sessions that may display secrets.

What this means

Task names and delivery history can persist across runs and may reveal project context or affect future reconciliation output.

Why it was flagged

The package includes persistent delivery-state files with task labels and timestamps, and the reconciler updates similar state.

Skill content

"tasks": {
    "ccmerge-next-steps": {
      "deliveredReportMtime": 1771079894,

Recommendation

Clear packaged state on install if it is not needed, and document what state is stored, where, and how to reset it.

What this means

Users may not realize what local tools and trust assumptions are required until execution time.

Why it was flagged

The registry metadata provides no upstream source/homepage and does not declare runtime binaries, even though the included scripts invoke multiple local tools.

Skill content

Source: unknown
Homepage: none
Required binaries (all must exist): none

Recommendation

Declare required binaries and provenance in metadata, and verify the bundled scripts before use.