orchestrate

Manages a fleet of Claude Code agents in tmux, automating supervision and task management for efficient parallel processing.

Install this skill

or

7/100

Security score

The orchestrate skill was audited on May 18, 2026 and we found 41 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 168

Template literal with variable interpolation in command context

SourceSKILL.md

168

```bash

medium line 271

Template literal with variable interpolation in command context

SourceSKILL.md

271

```bash

medium line 368

Template literal with variable interpolation in command context

SourceSKILL.md

368

```bash

medium line 607

Template literal with variable interpolation in command context

SourceSKILL.md

607

```bash

medium line 636

Template literal with variable interpolation in command context

SourceSKILL.md

636

```bash

medium line 29

Webhook reference - potential data exfiltration

SourceSKILL.md

29	\| `notify.sh MESSAGE` \| Send notification via Discord webhook (env `DISCORD_WEBHOOK_URL` or state `.discord_webhook`), macOS notification center, and stdout \|

low line 106

Webhook reference - potential data exfiltration

SourceSKILL.md

106	"discord_webhook": "https://discord.com/api/webhooks/...",

medium line 134

Webhook reference - potential data exfiltration

SourceSKILL.md

134	- `discord_webhook` — Discord webhook URL for completion notifications. Also reads `DISCORD_WEBHOOK_URL` env var.

medium line 261

Webhook reference - potential data exfiltration

SourceSKILL.md

261	Optionally add a Discord webhook for completion notifications:

low line 263

Webhook reference - potential data exfiltration

SourceSKILL.md

263	jq --arg hook "$DISCORD_WEBHOOK_URL" '.discord_webhook = $hook' ~/.claude/orchestrator-state.json \

low line 19

Access to hidden dotfiles in home directory

SourceSKILL.md

19	STATE_FILE=~/.claude/orchestrator-state.json

low line 89

Access to hidden dotfiles in home directory

SourceSKILL.md

89	bash ~/.claude/orchestrator/scripts/recycle-agent.sh SESSION:WIN WORKTREE_PATH spare/N

low line 92

Access to hidden dotfiles in home directory

SourceSKILL.md

92	~/.claude/orchestrator-state.json > /tmp/orch.tmp && mv /tmp/orch.tmp ~/.claude/orchestrator-state.json

medium line 95

Access to hidden dotfiles in home directory

SourceSKILL.md

95	## State file (`~/.claude/orchestrator-state.json`)

low line 182

Access to hidden dotfiles in home directory

SourceSKILL.md

182	~/.claude/orchestrator-state.json > /tmp/orch.tmp && mv /tmp/orch.tmp ~/.claude/orchestrator-state.json

low line 258

Access to hidden dotfiles in home directory

SourceSKILL.md

258	> ~/.claude/orchestrator-state.json

low line 263

Access to hidden dotfiles in home directory

SourceSKILL.md

263	jq --arg hook "$DISCORD_WEBHOOK_URL" '.discord_webhook = $hook' ~/.claude/orchestrator-state.json \

low line 264

Access to hidden dotfiles in home directory

SourceSKILL.md

264	> /tmp/orch.tmp && mv /tmp/orch.tmp ~/.claude/orchestrator-state.json

low line 276

Access to hidden dotfiles in home directory

SourceSKILL.md

276	jq --arg w "$LOOP_WINDOW" '.loop_window = $w' ~/.claude/orchestrator-state.json \

low line 277

Access to hidden dotfiles in home directory

SourceSKILL.md

277	> /tmp/orch.tmp && mv /tmp/orch.tmp ~/.claude/orchestrator-state.json

low line 311

Access to hidden dotfiles in home directory

SourceSKILL.md

311	cat ~/.claude/orchestrator-state.json \| jq '.agents[] \| {window, worktree, branch, state, pr_number, checkpoints}'

medium line 327

Access to hidden dotfiles in home directory

SourceSKILL.md

327	\| Context compacted / agent lost \| Send recovery: `cat ~/.claude/orchestrator-state.json \| jq '.agents[] \| select(.window=="WIN")'` + `gh pr view PR_NUMBER --json title,body` \|

low line 332

Access to hidden dotfiles in home directory

SourceSKILL.md

332	jq -r '.agents[] \| select(.state \| test("running\|idle\|stuck\|waiting_approval\|pending_evaluation")) \| .window' ~/.claude/orchestrator-state.json

low line 342

Access to hidden dotfiles in home directory

SourceSKILL.md

342	jq '.agents[] \| {window, state, worktree}' ~/.claude/orchestrator-state.json

low line 364

Access to hidden dotfiles in home directory

SourceSKILL.md

364	jq -r '.agents[] \| "\(.window) \(.state) \(.worktree)"' ~/.claude/orchestrator-state.json

low line 371

Access to hidden dotfiles in home directory

SourceSKILL.md

371	~/.claude/orchestrator-state.json > /tmp/orch.tmp && mv /tmp/orch.tmp ~/.claude/orchestrator-state.json

low line 374

Access to hidden dotfiles in home directory

SourceSKILL.md

374	jq '.loop_window = null' ~/.claude/orchestrator-state.json > /tmp/orch.tmp && mv /tmp/orch.tmp ~/.claude/orchestrator-state.json

low line 378

Access to hidden dotfiles in home directory

SourceSKILL.md

378	jq --arg w "$LOOP_WINDOW" '.loop_window = $w' ~/.claude/orchestrator-state.json \

low line 379

Access to hidden dotfiles in home directory

SourceSKILL.md

379	> /tmp/orch.tmp && mv /tmp/orch.tmp ~/.claude/orchestrator-state.json

low line 391

Access to hidden dotfiles in home directory

SourceSKILL.md

391	SKILLS_DIR=~/.claude/orchestrator/scripts

low line 409

Access to hidden dotfiles in home directory

SourceSKILL.md

409	OBJ=$(jq -r --arg w SESSION:WIN '.agents[] \| select(.window==$w) \| .objective' ~/.claude/orchestrator-state.json)

low line 410

Access to hidden dotfiles in home directory

SourceSKILL.md

410	PR=$(jq -r --arg w SESSION:WIN '.agents[] \| select(.window==$w) \| .pr_number' ~/.claude/orchestrator-state.json)

medium line 423

Access to hidden dotfiles in home directory

SourceSKILL.md

423	> `cat ~/.claude/orchestrator-state.json \| jq '.agents[] \| select(.window=="SESSION:WIN")'`

low line 504

Access to hidden dotfiles in home directory

SourceSKILL.md

504	~/.claude/orchestrator-state.json > /tmp/orch.tmp && mv /tmp/orch.tmp ~/.claude/orchestrator-state.json

low line 530

Access to hidden dotfiles in home directory

SourceSKILL.md

530	~/.claude/orchestrator-state.json > /tmp/orch.tmp && mv /tmp/orch.tmp ~/.claude/orchestrator-state.json

medium line 539

Access to hidden dotfiles in home directory

SourceSKILL.md

539	\| All agents are `done` or `escalated` \| `jq '[.agents[] \| select(.state \| test("running\\|stuck\\|idle\\|waiting_approval"))] \| length' ~/.claude/orchestrator-state.json` == 0 \|

low line 551

Access to hidden dotfiles in home directory

SourceSKILL.md

551	jq '.active = false' ~/.claude/orchestrator-state.json > /tmp/orch.tmp \

low line 552

Access to hidden dotfiles in home directory

SourceSKILL.md

552	&& mv /tmp/orch.tmp ~/.claude/orchestrator-state.json

low line 554

Access to hidden dotfiles in home directory

SourceSKILL.md

554	LOOP_WINDOW=$(jq -r '.loop_window // ""' ~/.claude/orchestrator-state.json)

medium line 705

Access to hidden dotfiles in home directory

SourceSKILL.md

705	16. Poll ALL windows from state file — never hardcode window count. Derive active windows dynamically: `jq -r '.agents[] \| select(.state \| test("running\|idle\|stuck")) \| .window' ~/.claude/orchestr

low line 106

External URL reference

SourceSKILL.md

106	"discord_webhook": "https://discord.com/api/webhooks/...",

Scanned on May 18, 2026

View Security Dashboard

Installation guide →

GitHub Stars 15

Rate this skill

Categorydevelopment

UpdatedJune 15, 2026

claude-code backend ml-ai-engineer devops-sre backend-developer development

HIDORAKAI002/ai-workspace-archive