HokiPoki
ReviewAudited by ClawScan on May 10, 2026.
Overview
HokiPoki is coherent for routing work to other AI models, but it can share broad project content, auto-apply remote patches, and run a listener using local AI accounts.
Install only if you trust the HokiPoki CLI and understand that it may send project files to remote AI providers and modify local code. Prefer narrow file selections, use --no-auto-apply, review diffs before applying changes, avoid secrets, and run provider/listener mode only with dedicated accounts or trusted workspaces.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A global npm CLI can run with the user's local permissions and will handle the HokiPoki workflow outside this skill's scanned files.
The skill requires installing and authenticating a global external CLI, while no CLI code is included in the artifact set for review.
npm install -g @next-halo/hokipoki-cli hokipoki login
Verify the npm package and publisher before installing, consider using a sandbox or dedicated environment, and pin/review the CLI version where possible.
A remote model's output could change local source files before the user reviews the patch, especially if broad directories or the whole repo are included.
The documented default can apply patches produced by a remote AI/provider directly to local project files; the safer --no-auto-apply option exists but is not made the default workflow.
Patches auto-apply when the target directory is a git repo with committed files.
Use --no-auto-apply by default, require explicit user confirmation before applying patches, and review git diffs before committing or running modified code.
Project code or other private files could be shared with a remote provider or workspace participant if the agent uses broad request options.
The skill can send selected files, directories, or an entire repository to a remote model over the HokiPoki P2P workflow, but the artifacts do not clearly define provider identity, workspace access boundaries, or retention controls beyond high-level claims.
Send a task to a remote AI model... # Whole project (respects .gitignore) ... --all --json
Prefer explicit file lists, avoid sending secrets, verify the destination workspace/provider, and review HokiPoki's privacy and retention terms before using --dir or --all.
Incoming requests may consume or exercise the user's local AI subscriptions and authenticated tool access while the listener is running.
Provider/listener mode relies on local authenticated AI-tool accounts and token stores, and the skill metadata declares no primary credential or scoped permission contract.
Token Location ... Codex ... `~/.codex/auth.json` ... Gemini ... `~/.gemini/oauth_creds.json` Auto-refresh: `hokipoki listen` auto-triggers re-auth if a token is expired.
Use dedicated accounts or tokens where possible, monitor subscription usage, restrict who can send provider requests, and log out or stop the listener when not needed.
The machine may continue handling remote AI requests longer than the user intended, consuming local resources or subscriptions.
The listener is disclosed and purpose-aligned, but it creates an ongoing provider mode that can keep accepting incoming work while it runs.
# Start listening hokipoki listen --tools claude codex
Run listener mode only intentionally, stop it after use, and confirm any workspace/tool restrictions before advertising availability.