claude-code-cli
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: claude-code-cli Version: 0.2.0 The skill is classified as suspicious due to its extensive use of the `exec` tool, which grants the OpenClaw agent the ability to run arbitrary shell commands. While the `SKILL.md` provides comprehensive documentation, including explicit safety warnings against dangerous flags (e.g., `--dangerously-skip-permissions`) and sensitive directories, the inherent power of arbitrary command execution presents a significant risk if the agent is compromised or prompted maliciously. There is no evidence of intentional malicious behavior within the skill's instructions, but it enables high-risk capabilities that could be exploited.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A Claude Code session could change project files or run coding-related commands without step-by-step confirmation if the user chooses those modes.
The skill teaches use of a shell-executed coding agent that can run in the background and automatically accept edits. This is aligned with the coding-delegation purpose and the no-guardrail mode is labeled dangerous, but it is still high-impact authority.
`background:true command:"claude 'Build REST API for todos'"`; `--permission-mode acceptEdits` — `Auto-accept file edits`; `--dangerously-skip-permissions` — `Full auto, no guardrails`
Use a dedicated git worktree or temporary directory, keep permission prompts on for sensitive work, restrict tools with --allowedTools, set budgets/timeouts, and avoid --dangerously-skip-permissions unless you intentionally want full automation.
Installing the skill also means trusting the Claude Code npm package and whichever version is installed by the package manager.
The skill relies on an external npm package to install the executable it delegates to. That dependency is expected for the skill, but the artifact does not show a pinned package version.
`node` | package: `@anthropic-ai/claude-code` | creates binaries: `claude`
Install from trusted sources, verify the package name and publisher, and pin or review the installed Claude Code version if your environment requires strict supply-chain control.
Information from one coding session may be reused later, including potentially sensitive project context if the user includes it.
The skill advertises reuse of session context and handoff files across conversations. This is useful for long coding work, but retained context can include project details or sensitive instructions.
`Session continuity` — `--continue` / `--resume SESSION_ID` across conversations; `HANDOFF.md pattern` — context continuity across long sessions
Avoid putting secrets in prompts or HANDOFF files, review what context is carried forward, and clear or avoid resumed sessions when switching projects or trust boundaries.
A background coding session can keep running, consuming budget or modifying files until it completes or is stopped.
The skill supports long-running background Claude Code processes. This is the stated purpose and includes monitoring/termination controls, but users should notice that work may continue after the initiating turn.
`background:true` ... `returns sessionId`; process actions include `poll`, `log`, `write`, and `kill`
Use background mode only for intended tasks, keep the returned session ID, poll logs, set timeouts or budgets, and kill sessions that are no longer needed.