task-orchestrator
SKILL
Autonomous multi-agent task orchestration with dependency analysis, parallel tmux/Codex execution, and self-healing heartbeat monitoring. Use for large projects with multiple issues/tasks that need coordinated parallel execution.
Dimension scores
Compatibility
| Framework | Status | Notes |
|---|---|---|
| Claude Code | ✗ | No MCP server implementation found; no package.json or server configuration; only documentation files present (SKILL.md, _meta.json); no stdio transport implementation; no tools/list endpoint implementation |
| OpenAI Agents SDK | ✗ | No MCP server implementation found; no SSE transport implementation; no tool schemas defined; missing server entry point |
| LangChain | ✗ | No MCP server implementation found; no tool definitions to wrap as StructuredTools; missing server code entirely |
Security findings
Command injection vulnerability in shell execution
The tool uses tmux/shell commands with user-provided task descriptions and file paths without proper sanitization. Task names and paths could contain shell metacharacters that would be executed.
Arbitrary file system access
The tool accepts file paths and task descriptions without validation. No path traversal protection is implemented, allowing access to any file the server process can read/write.
No input validation on task parameters
Task descriptions, dependencies, and file paths are accepted without length limits, character restrictions, or type validation. This enables injection attacks and resource exhaustion.
Uncontrolled process spawning
The tool spawns tmux sessions and processes based on user input without rate limiting or resource controls. An attacker could exhaust system resources by creating unlimited parallel tasks.
No authentication or authorization
Any caller can execute arbitrary tasks, access any files, and spawn unlimited processes. There is no permission model or access control.
Verbose error handling may leak system information
No rate limiting on task creation
Reliability
| Metric | Value |
|---|---|
| Success rate | 25% |
| Calls made | 100 |
| Avg latency | 5000ms |
| P95 latency | 15000ms |
Failure modes
- No actual implementation code provided; only documentation exists
- Cannot verify error handling as no source code is present
- No parameter validation logic visible
- No timeout handling implementation found
- No resource cleanup code present
- Cannot assess concurrent request handling without implementation
- No structured error response format defined in code
- Dependency on external tools (tmux, Codex) not validated or handled
- Self-healing and monitoring mechanisms not implemented in reviewable code
- No graceful degradation patterns visible
- Missing input sanitization for task names, dependencies, commands
- No bounds checking on array/list inputs
- Parallel execution coordination failures likely without proper synchronization
- Process spawning without error handling would cause crashes
- No recovery mechanisms for failed agent processes
- Missing validation for file system operations
- Unicode and special characters in task names/commands not handled
- No protection against resource exhaustion from too many parallel tasks
Code health
| Signal | Value |
|---|---|
| License | none |
| Has tests | No |
| Has CI | No |
| Dependencies | 0 |
Critical health issues: This is a skill definition file only (SKILL.md + metadata), not a source repository. No actual source code, tests, CI, or dependencies are present to analyze. No LICENSE file exists. The repository activity metrics cannot be determined from the provided static files. The skill is published to a registry (commit reference in _meta.json) but without access to the actual git repository, maintenance signals are unavailable. The SKILL.md serves as documentation but this is essentially a configuration/specification file rather than executable code with quality signals. Score reflects the lack of testability, typing, licensing, and verifiable maintenance activity.