Coding Agent Local
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill is purpose-aligned with launching local coding agents, but it explicitly recommends no-approval, no-sandbox, full-tool-access modes and background execution.
Use this only for repositories where you are comfortable letting a local coding agent make changes. Avoid --yolo and bypassPermissions unless you explicitly accept the risk, keep work in isolated/version-controlled directories, monitor background sessions, and review all changes before trusting them.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A delegated coding agent could edit files, run commands, or alter a project without normal approval prompts.
The skill explicitly directs use of modes that bypass confirmations, grant full tool access, or remove sandboxing for local coding agents.
For Claude Code (`claude` CLI), use `--print --permission-mode bypassPermissions` ... `--print` mode keeps full tool access and avoids interactive confirmation ... `--yolo` | NO sandbox, NO approvals
Prefer sandboxed/approval-based modes by default, require explicit user confirmation before using bypassPermissions or --yolo, and clearly state which files or commands may be affected.

Users may believe the spawned agent is confined to one folder when it may still be able to access or modify other local files depending on the CLI mode.
A working directory is not the same as a sandbox; paired with no-sandbox/no-approval modes, this wording can overstate the containment provided.
`workdir` | Working directory (agent sees only this folder's context) ... doesn't wander off reading unrelated files
Avoid describing workdir as a security boundary; explain that it is only a starting directory unless the underlying tool’s sandbox is enabled.

A background agent may continue working until it finishes or is stopped, so mistakes can continue accumulating if not monitored.
The skill intentionally runs coding agents as background sessions; it documents polling, logs, and kill controls, so this is disclosed but still important.
bash pty:true workdir:~/project background:true command:"codex exec --full-auto 'Build a snake game'" ... process action:kill sessionId:XXX
Use timeouts, monitor logs, and stop background sessions promptly when they behave unexpectedly.

The skill can cause local commands and coding-agent CLIs to run in the user’s environment when invoked.
Local shell execution is central to the skill’s stated purpose, but users should understand that installing the skill enables the agent to run these local coding commands.
Use **bash** (with optional background mode) for all coding agent work ... `command` | The shell command to run
Run it only in disposable or version-controlled project directories, and review generated changes before committing or deploying.
