parallel-vibe
Audited by Socket on Mar 9, 2026
1 alert found:
Anomaly

This code appears to be a legitimate orchestration tool for running multiple 'runners' in isolated per-thread workspaces. It is not obfuscated and contains no obvious hardcoded credentials or hidden backdoors. However, it intentionally allows execution of arbitrary external commands and gives those external processes access to copied workspace files. The main security risks are: (1) arbitrary command execution via 'shell' runner or malicious/compromised runner CLIs; (2) potential data exfiltration because runners receive workspace contents and can send them externally; (3) destructive operations via shutil.rmtree of destination workspaces; (4) symlink policies that, if set to 'keep', can lead to workspace boundary escapes. These are expected features for this kind of tool but make it potentially dangerous if untrusted plans, config, or source directories are used. I assess low probability that this module itself is malware, but medium-high risk that it can be abused for supply-chain or data-exfiltration attacks depending on how it's configured and what runners are invoked.