Adaptive multi-agent team for software project reviews. Auto-selects collaboration mode (centralized / domain-lead / peer) and runs a 3-round workflow (facts...
Security Analysis
high confidence
The skill's instructions, file assets, and required capabilities are coherent with its stated purpose (multi‑agent project reviews). It requests no credentials or external installs, but it will read your project files and write a review file to reviews/{project}-review.md, so consider the privacy of your repository contents.
Name/description describe an orchestrator for multi-agent software reviews and the SKILL.md + reference files implement exactly that: role prompts, mode selection, round protocols, and a canvas template. No unrelated credentials, binaries, or installs are requested.
Runtime instructions require agents to read the project directory (files with file:path:line references), aggregate findings, and create/write a canvas file at reviews/{project-name}-review.md. This behavior is coherent with the stated purpose but means the agent will access arbitrary repository files and embed file paths/line numbers in outputs — which can expose secrets or sensitive paths if present.
No install spec or code files beyond instruction/asset markdown; lowest risk (nothing is downloaded or written by an installer).
The skill requests no environment variables, no credentials, and no config paths. All requested accesses (reading repo files, writing a review file) are proportionate to a code/project review skill.
always:false and normal autonomous invocation settings. The only persistent effect described is writing a review file into the project's reviews/ directory (expected). The skill does not request system-wide configuration changes or other skills' credentials.
Guidance
This skill appears internally consistent for orchestrating multi‑agent project reviews. Before installing or running it: (1) be aware it will read your repository files and include file paths and line numbers in outputs — remove or redact any secrets or sensitive files or run it on a sanitized copy; (2) it will create/write reviews/{project-name}-review.md in your project — ensure you want that file written and have backups or run in a sandbox; (3) because it spawns multiple agent roles (parallel rounds), watch for compute/resource usage if your environment bills for agent runs; (4) there are no external network endpoints or credentials requested by the skill itself, but confirm your agent runtime doesn't automatically transmit repository data elsewhere. If you want stronger guarantees, run the skill on a cloned, scrubbed repo in a controlled environment.
Latest Release
v1.3.1
- Clarified the differences between collaboration modes (centralized, domain-lead, peer) with concrete agent counts, prompts, and workflow paths.
- Added mandatory user confirmation checkpoint after mode selection—execution pauses until user approves the chosen mode.
- Strengthened instructions for fact-only collection in Round 1, with explicit banned words and error handling.
- Specified steps and constraints for creating and storing the review canvas file as a standalone artifact.
- Enhanced guidelines for the consensus-building phase, cost estimation, and responsibility assignment.
- Expanded troubleshooting section detailing common misuses and system safeguards.
Published by @joe-rq on ClawHub