huashu-agent-swarm

Warn

Audited by Socket on Feb 25, 2026

3 alerts found:

Anomaly, Security x2

Anomaly LOW
scripts/stop_swarm.sh

Not malware. The script performs local destructive maintenance: automatically merging agent branches into main, force-removing worktrees and deleting branches/directories and lock files. These behaviors are potentially dangerous in normal operational contexts because they can introduce unreviewed code into main and permanently delete data. If run with appropriate trust (on a controlled repository where this behavior is intended) it is acceptable; otherwise it poses a moderate operational risk and should be run with caution, backups, and possibly manual review or interactive confirmations.

Confidence: 90%, Severity: 60%

Security MEDIUM
SKILL.md

The fragment outlines a coherent, ambitious architecture for a self-organizing multi-agent swarm using Git worktrees and an interactive dashboard. While it presents a plausible and potentially powerful workflow for large projects, it carries notable operational and security risks, including unbounded autonomous loops, potential for unreviewed commits, and exposure of internal task/log data through the dashboard. Recommend implementing explicit safety guards (bounded iterations, merge policies, access controls, auditing, input validation) and securing the dashboard (auth, network restrictions) before deploying in a production environment. Overall, classify as BENIGN with MEDIUM-to-HIGH risk pending mitigations.

Confidence: 75%, Severity: 75%

Security MEDIUM
references/agent-prompt-template.md

This file is a high-risk operational policy that, if implemented, grants an in-repo autonomous agent powerful capabilities with minimal oversight. It effectively creates a remote-control vector (HUMAN_INPUT.md -> execute -> git push) and encourages behaviors (automatic installs, retries, commits) that can be abused for supply-chain compromise, data exfiltration, and rapid propagation of malicious changes. The content itself is not a binary malware payload, but it is an enabler of malicious activity and should be treated as dangerous. Recommend: do not deploy as-is; introduce human-in-the-loop approvals, sandbox/least-privilege execution, strict validation of repo-provided instructions, audit logging, and restrict git network rights for autonomous agents.

Confidence: 85%, Severity: 90%

Audit Metadata

Analyzed At: Feb 25, 2026, 09:44 AM

Package URL: pkg:socket/skills-sh/alchaincyf%2Fhuashu-skills%2Fhuashu-agent-swarm%2F@77ba8eedbcbdc20ba5b8beddc799a35e396aeb98