Claude Code CLI for OpenClaw
Review
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent Claude Code CLI setup skill, but users should handle the long-lived OAuth token, global npm install, and agent coding authority carefully.
Install only if you intend to let OpenClaw agents use Claude Code for coding tasks. Verify the npm package source, avoid system-wide or shared token storage where possible, do not print or commit the OAuth token, and review code changes before committing or pushing.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the token is exposed or stored too broadly, someone else could use the user's Claude Code access.
The skill requires a long-lived Claude Code OAuth token for the CLI backend, which is expected for this purpose but gives access under the user's Claude account.
The token must be available as the `CLAUDE_CODE_OAUTH_TOKEN` environment variable.
Store the token in a user-scoped secret store or tightly controlled environment variable, avoid committing or screenshotting it, and revoke/rotate it if exposed.
The installed CLI code comes from npm and may change over time if no version is pinned.
The installer performs a global npm package installation without pinning a version; this is central to installing Claude Code but depends on the npm package source at install time.
npm install -g @anthropic-ai/claude-code
Verify the package source before installing and consider pinning a known-good version in controlled environments.
Agents may read and modify project files through Claude Code when given coding tasks.
The documented OpenClaw configuration exposes Claude Code as a CLI backend with the user's token, allowing agents to use the coding CLI.
"cliBackends": { "claude-cli": { "command": "/usr/bin/claude", "env": { "CLAUDE_CODE_OAUTH_TOKEN": "YOUR_OAUTH_TOKEN_HERE" } } }
Use branches, review diffs before committing or pushing, and restrict use to intended project directories.
Incorrect or sensitive content placed in CLAUDE.md could be reused across later coding tasks.
The workflow intentionally uses a persistent project context file, which can influence future Claude Code sessions.
Project Context: CLAUDE.md provides persistent project knowledge across sessions
Keep CLAUDE.md reviewed, avoid storing secrets in it, and update it when project assumptions change.
Users may underestimate normal risks from OAuth token handling and global CLI installation.
The security document includes strong self-attestation language; it should not replace independent review of the actual install, credential, and agent-backend behavior.
Verdict: False positive. This skill contains no malicious code.
Treat the self-assessment as informational only and make an independent decision based on the documented commands and permissions.
