Ask Claude

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill delegates work to Claude Code but disables normal permission prompts, relies on an unreviewed local wrapper script, and makes overbroad privacy claims.

Install only if you are comfortable letting an agent run Claude Code over selected directories with permission prompts bypassed. Verify the referenced wrapper script before use, avoid sensitive workdirs, and assume prompts/project context may be processed by Claude and retained in local Claude session history.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Claude Code may edit files or run commands without the normal permission prompts the user might expect.

Why it was flagged

The skill instructs the agent to run Claude Code with permission bypass enabled, while the description says Claude Code may use file editing, code analysis, and bash.

Skill content

claude --permission-mode bypassPermissions --print "task"

Recommendation

Avoid bypassPermissions by default; require explicit user approval for file edits, shell commands, and destructive or account-impacting actions.

What this means

The agent could execute unreviewed local code whose behavior is unknown from the submitted skill artifacts.

Why it was flagged

The primary command executes a wrapper script from a fixed local path, but that script is not included in the file manifest or install spec for review.

Skill content

OUTPUT=$(/home/xmanel/.openclaw/workspace/run-claude.sh "prompt" "/workdir")

Recommendation

Include the wrapper script in the package, document its provenance, or use only the fully shown direct command.

What this means

A user may incorrectly believe their prompts and project files stay fully local when using this skill.

Why it was flagged

These strong privacy claims conflict with the skill's core behavior of delegating prompts and workdir context to the Claude Code CLI.

Skill content

Safe execution: no data exfiltration, no external calls ... Never send data to external servers

Recommendation

Clearly state what data Claude Code may receive, where it is processed, and which privacy guarantees are actually enforced.

What this means

Tasks may run under the user's existing Claude account or CLI session, with unclear account scope, auditability, or usage implications.

Why it was flagged

The skill invokes the locally installed Claude CLI but declares no primary credential or account boundary, so execution may rely on an existing local Claude session/profile without clear disclosure.

Skill content

env -u CLAUDECODE claude --permission-mode bypassPermissions --print

Recommendation

Declare the credential/session dependency and tell users how to choose, verify, or isolate the Claude CLI account used by the skill.

What this means

Future Claude tasks in the same workdir may be influenced by prior prompts, files, edits, or sensitive context.

Why it was flagged

The skill intentionally uses persistent sessions with retained context, which is purpose-aligned but can preserve sensitive or stale information across later tasks.

Skill content

Claude Code stores sessions per-directory in `~/.claude/projects/` ... same file context, same conversation history, same edits.

Recommendation

Use new sessions for unrelated or sensitive work and provide clear instructions for clearing stored Claude session context.