ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ask Claude Skill

v1.1.1

Delegate a task to Claude Code CLI and immediately report the result back in chat. Supports persistent sessions — Claude Code remembers previous context with...

0· 225·0 current·0 all-time
by@0xmanel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the implementation: the SKILL.md and run-claude.sh invoke the local `claude` CLI, support --continue for persistent sessions, and capture stdout/stderr. Requiring the claude binary is proportionate to the stated purpose.
Instruction Scope
Instructions explicitly tell the agent to run the claude CLI (or the run-claude.sh wrapper), unset CLAUDECODE, and use `--permission-mode bypassPermissions`. They also document session storage under ~/.claude/projects/ and default workdirs under /home/xmanel. This is coherent with the skill's purpose, but means Claude (via the CLI) will have access to files in the chosen workdir and any session history stored in the user's home — which can expose secrets from those directories if present.
Install Mechanism
No install spec is present (instruction-only plus a small wrapper script). Nothing is downloaded or written by an installer; the only runtime requirement is that the official `claude` CLI is installed and authenticated.
Credentials
The skill declares no required env vars (appropriate). The instructions and wrapper intentionally unset CLAUDECODE (env -u CLAUDECODE) before launching claude; this is consistent with avoiding nested-session errors but is worth noting. No unexpected credentials or unrelated environment access are requested.
Persistence & Privilege
The skill uses Claude Code's persistent sessions (per-directory storage in ~/.claude/projects/) to implement --continue behavior. The skill itself does not request always:true and does not modify other skills. However, persistent sessions mean the agent (via Claude) can access historical session data and files within the workdir, increasing the scope of what is read and potentially reported back.
Assessment
This skill is coherent with its stated purpose, but review these before installing: 1) Confirm you want the agent to run your local `claude` CLI — anything in the chosen workdir can be read by Claude and returned in chat. 2) Check and, if needed, change the default workdir (/home/xmanel/.openclaw/workspace) used by the wrapper so it doesn't point at a directory containing secrets. 3) Be aware the wrapper passes `--permission-mode bypassPermissions` to the CLI — verify what that flag does for your installed claude CLI/version. 4) Install and trust the official Claude Code CLI from its vendor; verify authentication (claude login) is performed separately. If you want to limit risk, run the skill in an isolated workdir with no sensitive files or avoid using --continue/persistent sessions.

Like a lobster shell, security has layers — review code before you run it.

latestvk9706q2bf9rbsv0feeratbssbs82thh1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤖 Clawdis
Any binclaude

Comments