ClawHub

Coder Workspaces

v1.5.5

Manage Coder workspaces and AI coding agent tasks via CLI. List, create, start, stop, and delete workspaces. SSH into workspaces to run commands. Create and monitor AI coding tasks with Claude Code, Aider, or other agents.

3· 4.2k·7 current·8 all-time
byDevCats@developmentcats
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (coder), and required env vars (CODER_URL, CODER_SESSION_TOKEN) all align with managing a Coder deployment via the official CLI. Nothing requested appears unrelated to the stated functionality.
Instruction Scope
SKILL.md is instruction-only and confines actions to the coder CLI (list/start/stop/ssh/tasks). This is in-scope. Note: the skill assumes the agent will run coder ssh or coder tasks commands which can execute arbitrary commands inside remote workspaces; the SKILL.md claims those commands run in isolated Coder workspaces rather than on the host — you should verify that isolation in your Coder deployment before granting broad tokens.
Install Mechanism
No install spec or remote downloads; instruction-only skill with links to official Coder docs. Low install risk.
Credentials
Only CODER_URL and CODER_SESSION_TOKEN are required, which is appropriate. However, a session token grants actions on the Coder instance; consider using a token with limited scope, a dedicated service account, and secure storage (OpenClaw config).
Persistence & Privilege
always is false and there are no install scripts or persistent changes. The platform default allows autonomous invocation; combined with a session token this means the skill (when invoked by the agent) can perform actions against your Coder instance without additional prompts. Consider agent confirmation policies for destructive operations (e.g., delete).
Assessment
This skill appears coherent with its purpose, but take these precautions before installing: - Only provide CODER_SESSION_TOKEN that you trust: prefer a least-privilege token or dedicated service account rather than a personal admin token. - Store the token securely (OpenClaw config) and rotate/revoke it if you stop using the skill. - Verify that your Coder deployment actually enforces workspace isolation (so remote commands cannot reach your host or other sensitive resources). - Test read-only commands (e.g., coder list, coder whoami) first to confirm behavior and connectivity. - Require confirmation or limit autonomous actions in your agent policy for destructive commands (delete, restart) to avoid accidental or automated destructive changes. - Install the coder CLI only from your Coder instance or the official docs to avoid tampered binaries.

Like a lobster shell, security has layers — review code before you run it.

latestvk971syep8p6f3yk9r46z62gczh80m983

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🏗️ Clawdis
Binscoder
EnvCODER_URL, CODER_SESSION_TOKEN

Comments