ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

claude-code-cli

v0.2.0

Delegate coding tasks to Claude Code CLI via background process. Use when: building features, reviewing PRs, refactoring codebases, or iterative coding that...

0· 403·1 current·1 all-time
by@atelypham
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description require the 'claude' binary and the install step provides an npm package that creates a 'claude' binary; requested binaries and documented features align with a CLI-based code automation skill.
Instruction Scope
SKILL.md instructs running interactive PTY and headless commands, background sessions, and using options that can add directories, auto-accept edits, or bypass permission prompts. These are coherent for automation/PR review tasks but increase the risk surface if used without restrictions (e.g., --dangerously-skip-permissions, --add-dir, workdir changes, or using exec with elevated:true).
Install Mechanism
Install uses an npm package (@anthropic-ai/claude-code) to create the 'claude' binary — this is an expected install path for a CLI but is a networked package install (moderate trust requirement). No arbitrary downloads or extract-from-URL steps are present.
Credentials
No environment variables, credentials, or config paths are required by the skill metadata. The SKILL.md does not demand unrelated secrets. This is proportionate for a CLI wrapper.
Persistence & Privilege
always:false, user-invocable, and no special config-path accesses are requested. The skill can be invoked autonomously per platform defaults; that normal behavior combined with powerful exec/process actions is worth operator caution but is not itself incoherent.
Assessment
This skill appears to do what it claims: wrap and orchestrate the Claude Code CLI. Before installing, ensure you trust the source of the 'claude' binary/npm package (confirm the package owner and upstream repo). When using the skill, avoid enabling modes that bypass permission prompts or add arbitrary host directories unless you intentionally want the agent to read/write those paths. Do not run background or elevated sessions on sensitive workspaces without constraints, and prefer plan/read-only or acceptEdits with tight workdir and --allowedTools settings for automation. If you need higher assurance, review the upstream npm package and confirm its provenance before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk977r8ppxfvd7wm6k0f8m2mrr581z6m8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
Binsclaude

Install

Install Claude Code (npm)
Bins: claude
npm i -g @anthropic-ai/claude-code

Comments