Safety Report

Claude Team

Name: Claude Team
Rating: 3 (14 reviews)
Author: jalehman

Orchestrate multiple Claude Code workers via iTerm2 using the claude-team MCP server. Spawn workers with git worktrees, assign beads issues, monitor progress, and coordinate parallel development work.

4,377Downloads

16Installs

14Stars

7Versions

Monitoring & Logging1,579 Networking & DNS1,102 Git & Version Control784

Security Analysis

medium confidence

Suspicious0.04 risk

The skill's documentation expects local MCP server components, binaries, and a launchd plist template that are not declared or bundled; it also instructs use of a '--dangerously-skip-permissions' mode and an external install curl script — the pieces are inconsistent and warrant caution before installing or running anything.

Feb 11, 20262 files5 concerns

Purpose & Capabilityconcern

The stated purpose (orchestrating Claude Code workers via iTerm2) matches many of the instructions (creating worktrees, controlling iTerm2, spawning workers). However the SKILL.md metadata and text require tools not declared in the registry metadata: it references 'mcporter', 'uvx', the 'bd' (beads) CLI, iTerm2 Python API, and a ~/.claude.json config. The registry lists no required binaries or env vars — that mismatch is incoherent and unexplained.

Instruction Scopeconcern

Instructions tell the agent to create git worktrees, run bd show, mark/close issues, commit changes, and run workers with a '--dangerously-skip-permissions' option. They also expect access to user repositories (project_path), ~/.claude.json, and the iTerm2 Python API (which grants control over the terminal). These actions are powerful and go beyond simple orchestration; the documentation does not declare what credentials or protections are used when workers perform issue state changes or commits.

Install Mechanismconcern

There is no formal install spec in the registry, but a provided assets/setup.sh configures a launchd service and expects a plist template 'com.claude-team.plist.template' that is not included in the bundle. setup.sh checks for 'uvx' and directs users to install it via a curl | sh script from astral.sh — fetching and running remote install scripts is high risk. The combination of a missing template and an external install instruction is an integrity/availability concern.

Credentialsconcern

The skill declares no required env vars or primary credential, yet the instructions reference configuration files (~/.claude.json), an implied CLAUDE_TEAM_PROJECT_DIR, and rely on local CLIs (mcporter, bd) which likely need their own credentials/config. In addition, the guidance to use '--dangerously-skip-permissions' suggests bypassing safety controls without justification. Credentials or tokens for issue systems, git remotes, or the MCP server are not described but would be necessary in practice.

Persistence & Privilegenote

always is false (good), but the bundled setup.sh installs a persistent launchd agent (writes to ~/Library/LaunchAgents and loads it). Installing that service requires user approval and grants continuous local network capability (server listening on 127.0.0.1:8766 in examples). Persisting a service is expected for a local MCP server but is a material change to the system and should only be done after inspecting the missing plist template and the server binary invoked by uvx.

Guidance

Things to check before installing or running anything: 1) The package documentation references mcporter, uvx, bd, iTerm2 Python API, and ~/.claude.json, but the registry metadata does not declare those dependencies — verify you have and trust those tools. 2) The assets/setup.sh expects a plist template file (com.claude-team.plist.template) that is not bundled; ask the author for that template and inspect it before running setup.sh. 3) setup.sh suggests installing 'uvx' via a curl | sh installer — avoid running remote install scripts unless you trust the source and have reviewed the installer. 4) The skill recommends using '--dangerously-skip-permissions' for workers — do not enable that flag unless you understand and accept the security implications. 5) Confirm where the MCP server code (the handlers that implement mcporter call claude-team.*) lives and inspect it; this skill is instruction-only and appears to rely on external server code that must be audited. 6) Backup repositories and do these operations in a sandbox (or a disposable VM) first. Absence of static findings does not mean safe — request the missing files and server implementation or use alternative, well-audited tooling.

Latest Release

v1.5.0

Fixed plist: executable is claude-team not claude-team-mcp

Popular Skills

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Proactive Agent

@halthelobster · 426 stars

Summarize

@summarize · 415 stars

Published by @jalehman on ClawHub