Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Codecast
v4.1.0
Stream coding agent sessions (Claude Code, Codex, Gemini CLI, etc.) to a Discord channel in real-time via webhook. Use when invoking coding agents and wantin...
⭐ 0 · 1.4k · 2 current · 2 all-time
by Allan Jeng (@allanjeng)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
The name/description (stream coding sessions to Discord) matches the shipped scripts, but the skill requires additional runtime capabilities not declared in the registry metadata: Discord bot token usage, webhook storage, GH/gh CLI access (for PR review), and macOS keychain access are referenced in docs/scripts but not listed as required env vars. PR review mode clones repos and runs arbitrary code — coherent with a review feature but raises extra privileges that a user should expect to be explicitly requested.
Instruction Scope
Runtime instructions and scripts go beyond just relaying stdout: they advise creating ~/.claude/settings.json to 'bypassPermissions' and use --dangerously-skip-permissions (disabling agent permission checks), clone remote repos and run agents against them, read and post file contents to Discord (potentially leaking secrets), write session breadcrumbs in /tmp, and create/consume named pipes or /proc/<pid>/fd/0 to forward input. These steps can enable exfiltration and remote-driven command execution and are not limited to benign streaming.
Install Mechanism
There is no install spec (instruction-only), and all code is included in the bundle (shell + Python). That lowers remote-install risk, but some runtime dependencies are implied (python3, unbuffer, curl, gh, websocket-client) yet not centrally declared. No external download URLs are used, which is good; however missing dependency declarations mean operators might run the skill without realizing required packages and capabilities.
Credentials
Registry metadata lists no required env vars, but SKILL.md and scripts expect/optionally use several secrets and env vars: WEBHOOK_URL/.webhook-url, CODECAST_BOT_TOKEN (or .bot-token), BRIDGE_CHANNEL_ID, BRIDGE_ALLOWED_USERS, CODECAST_RATE_LIMIT, and optional keychain access. The skill also relies on gh CLI authentication for PR review mode. Secrets and credential access are not declared up-front, which is disproportionate to a simple 'stream to Discord' description and hides the credential blast radius.
Persistence & Privilege
always:false (no forced persistence) and user-invocable:false are appropriate. The skill does create /tmp/dev-relay-sessions entries, writes stream.jsonl and breadcrumb files, and the bridge can send signals (os.kill) and write to /proc/<pid>/fd/0 or a named pipe to inject stdin into other processes. Those are powerful runtime privileges (process control and inter-process I/O) — coherent with an interactive relay but worth caution. No evidence the skill modifies other skills or global agent configs beyond its own files.
What to consider before installing
This skill will post live agent activity (including file reads/edits, command outputs, and potentially file contents) to a Discord webhook or channel. Before installing:
1) Review all included scripts (they are shipped with the skill) and understand they can clone repos and run code (PR review mode) and can inject input into/kill agent processes.
2) Do NOT enable the suggested Claude 'bypassPermissions' setting or use --dangerously-skip-permissions unless you fully understand the security impact — it disables model-level protections.
3) Treat any bot token or webhook as sensitive: prefer one-way webhook posting (no BOT token) if you only need relay output; restrict allowed Discord users and channels when using the bridge.
4) Run the skill in a sandbox/container or isolated account, and avoid mounting host secrets into the working directories.
5) If you plan to use PR review or parallel modes, ensure gh/git access is limited and consider running those features on a throwaway runner.
6) The registry metadata omitted several env/credential requirements — expect to supply CODECAST_BOT_TOKEN / .bot-token, a webhook URL file, and gh CLI credentials; only proceed if you accept that scope and have audited the scripts.
Runtime requirements
🎬 Clawdis: any
Binaries: unbuffer, python3
