claude-code-dispatch

The described dispatch workflow is coherent and aligns with its intended purpose of background Claude Code task execution with multi-agent support and callback-based notifications. While no explicit malicious payload is indicated, the architecture introduces substantial security and privacy considerations due to outbound communications (Telegram, MCP), potential credential handling, and autonomous operation. Key mitigations include enforcing strict secret management, limiting data in notifications, auditing and rate-limiting of tasks, validating provenance of all scripts, and ensuring explicit user consent for external communications. Overall, the design is plausible but warrants strong runtime controls to prevent data leakage and misuse.