mini-swe-agent
v1.0.0
Autonomously run complex software engineering tasks like bug fixes or feature implementation using the mini-swe-agent CLI with full codebase edits.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The SKILL.md instructs the agent to run a CLI named 'mini' to perform end-to-end codebase edits, but the registry metadata lists no required binaries, no install steps, and no homepage/source. Asking to run an unproven external tool is not coherent with the 'instruction-only' metadata and provides no justification for how the 'mini' CLI will be obtained or trusted.
Instruction Scope
Runtime instructions explicitly require always using the '--yolo' flag so the tool runs autonomously and performs full codebase edits. There are no safety checks, sandboxing, explicit file/path limits, or requirements for user confirmation. The instructions encourage running the tool against arbitrary project paths (e.g., /src/auth.py), which could result in destructive edits or exfiltration if the external CLI is malicious.
Install Mechanism
There is no install spec and no code files — that lowers installer risk. However, the SKILL.md references an external CLI ('mini') but provides no mechanism or provenance to obtain it. The only install-like content is a local snippet that writes the SKILL.md into ~/.openclaw/skills, which is harmless on its own.
Credentials
The skill declares no required environment variables or credentials, yet its intended function (automated full-repo edits, possibly pushing changes) typically requires repository access and credentials. The absence of declared credentials or guidance for secure credential use is a mismatch and increases risk.
Persistence & Privilege
The skill is not marked 'always: true' and is user-invocable, which is normal. However, the SKILL.md's instruction to 'Always use the --yolo flag' increases the effective autonomy and blast radius if the external 'mini' CLI can act without further confirmation. Autonomy combined with an unknown external binary is risky, though the skill itself does not request persistent elevated platform privileges.
What to consider before installing
This skill tells the agent to run an unknown 'mini' CLI with an explicit autonomous flag (--yolo) to edit your codebase. Before installing or invoking it:
1) Do not run or install any 'mini' binary unless you can verify its source (official repo/releases, checksums, or vendor).
2) Ask the skill author for the 'mini' binary's provenance and inspect its code or release artifacts.
3) Require the skill to declare required binaries and any credentials it needs, and to limit scope (specific repo/paths/branches).
4) If you must test, run it in an isolated sandbox or disposable VM, on a cloned repo/branch with backups and no push permissions.
5) Prefer a skill that performs edits via transparent commands (git diffs, PRs) and explicit user confirmation rather than an opaque autonomous CLI.
These steps will reduce risk of destructive edits or data exfiltration.
Like a lobster shell, security has layers — review code before you run it.
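The scan findings above (an undeclared external binary, a mandated no-confirmation flag, example commands pointing at absolute paths, and no declared credentials) can be turned into a pre-install lint that a reviewer runs offline before accepting a skill. The following is an added example and is not the registry's scanner nor any code from the mini-swe-agent project; it assumes a metadata shape of `{"requires": {"bins": [...]}, "env": [...], "always": bool}` and an assumed list of autonomy flags beyond the `--yolo` seen on the page. The sample SKILL.md is constructed from the text shown on this page.

```python
"""Pre-install lint for an OpenClaw-style SKILL.md.

Added example, not registry or project code. It checks the kinds of
mismatches the scan report describes: binaries run but never declared,
instructions that mandate a no-confirmation flag, unscoped absolute paths
in example commands, and repository work with no declared credentials.
"""
import re
from dataclasses import dataclass

FENCE = "`" * 3  # built this way so the sample text cannot close this code block

# Constructed sample input: the SKILL.md body shown on this page.
SKILL_MD = f"""# mini-swe-agent
Run complex software engineering tasks autonomously using the mini-swe-agent CLI.
## Description
Use this skill when the user asks to fix a bug, implement a feature, or resolve a GitHub issue that requires end-to-end codebase exploration and editing.
## Usage
When a complex coding task is requested, formulate a concise, descriptive problem statement and run the `mini` CLI using a bash tool.
{FENCE}bash
mini --yolo "Fix the authentication logic in /src/auth.py to ensure tokens expire after 3600 seconds"
{FENCE}
## Rules
* **Autonomy:** Always use the `--yolo` flag so the agent runs autonomously without waiting for user input.
"""

# Assumed metadata shape (the registry's real schema may differ). The page says
# this skill declares no binaries, no env vars and is not always-on.
METADATA = {"requires": {"bins": []}, "env": [], "always": False}

# Flags that tell a tool to skip confirmation. --yolo comes from the page; the
# others are assumed names a reviewer would add to the list.
AUTONOMY_FLAGS = ("--yolo", "--auto-approve", "--no-confirm", "--force")
SHELL_BUILTINS = {"cd", "echo", "export", "set", "source", ".", "exit"}
REPO_HINTS = re.compile(r"\b(github|repository|repo|push|pull request)\b", re.I)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    rule: str
    detail: str


def fenced_commands(md: str) -> list[str]:
    """Return non-comment command lines found inside bash/sh fenced blocks."""
    blocks = re.findall(rf"{FENCE}(?:bash|sh)\n(.*?){FENCE}", md, re.S)
    lines = []
    for block in blocks:
        for line in block.splitlines():
            line = line.strip().lstrip("$ ").strip()
            if line and not line.startswith("#"):
                lines.append(line)
    return lines


def lint_skill(md: str, metadata: dict) -> list[Finding]:
    findings: list[Finding] = []
    declared = set(metadata.get("requires", {}).get("bins", []))
    commands = fenced_commands(md)

    # Rule 1: a binary is invoked but never declared, so nothing tells the
    # installer where it comes from or how to verify it.
    seen = set()
    for cmd in commands:
        binary = cmd.split()[0]
        if binary in seen or binary in declared or binary in SHELL_BUILTINS:
            continue
        seen.add(binary)
        findings.append(Finding("high", "undeclared_binary",
                                f"'{binary}' is run but not listed in requires.bins"))

    # Rule 2: the instructions mandate a flag that removes user confirmation.
    for flag in AUTONOMY_FLAGS:
        if re.search(rf"always use\s+(?:the\s+)?`?{re.escape(flag)}", md, re.I):
            findings.append(Finding("high", "mandated_autonomy_flag",
                                    f"instructions require {flag}; no confirmation step"))

    # Rule 3: example commands point at absolute paths, i.e. no path scoping.
    for cmd in commands:
        for path in re.findall(r"(?<!\S)/[\w./-]+", cmd):
            findings.append(Finding("medium", "unscoped_path", f"example touches {path}"))

    # Rule 4: repository/GitHub work is implied but no credentials are declared.
    if REPO_HINTS.search(md) and not metadata.get("env"):
        findings.append(Finding("low", "credentials_undeclared",
                                "repository access implied but no env/credentials declared"))
    return findings


def verdict(findings: list[Finding]) -> str:
    """Collapse findings into a registry-style label."""
    severities = {f.severity for f in findings}
    if "high" in severities:
        return "suspicious"
    if severities:
        return "review"
    return "clean"


if __name__ == "__main__":
    results = lint_skill(SKILL_MD, METADATA)
    for f in results:
        print(f"[{f.severity}] {f.rule}: {f.detail}")
    print("verdict:", verdict(results))
```

Run against the sample, the linter reproduces the four concerns from the scan and labels the skill "suspicious"; declaring `mini` in `requires.bins` and a credential in `env` clears two of them but the mandated `--yolo` flag and the unscoped path still keep it at "suspicious", which matches the report's emphasis on autonomy combined with an unverified binary.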
# mini-swe-agent
Run complex software engineering tasks autonomously using the mini-swe-agent CLI.
## Description
Use this skill when the user asks to fix a bug, implement a feature, or resolve a GitHub issue that requires end-to-end codebase exploration and editing. This acts as a "sub-contractor" to do the heavy lifting for complex tasks.
## Usage
When a complex coding task is requested, formulate a concise, descriptive problem statement and run the `mini` CLI using a bash tool.
```bash
mini --yolo "Fix the authentication logic in /src/auth.py to ensure tokens expire after 3600 seconds"
```
## Rules
* **Autonomy:** Always use the `--yolo` flag so the agent runs autonomously without waiting for user input.
* **Formatting:** Escape double quotes inside the problem statement if necessary.
* **Verification:** Monitor the output. Once `mini` finishes, verify the changes if requested by the user.
* **Scope Limitation:** Do NOT use this for simple one-line text replacements or minor typo fixes. Use standard file editing tools for those to save time and compute.
---
### 2. How to Build/Install It
Instead of creating it manually, you can run this single command in your terminal. It will create the necessary OpenClaw skills directory (if it doesn't already exist) and write the `SKILL.md` file directly into it.
````bash
mkdir -p ~/.openclaw/skills/mini-swe-agent && cat << 'EOF' > ~/.openclaw/skills/mini-swe-agent/SKILL.md
# mini-swe-agent
Run complex software engineering tasks autonomously using the mini-swe-agent CLI.
## Description
Use this skill when the user asks to fix a bug, implement a feature, or resolve a GitHub issue that requires end-to-end codebase exploration and editing. This acts as a "sub-contractor" to do the heavy lifting for complex tasks.
## Usage
When a complex coding task is requested, formulate a concise, descriptive problem statement and run the `mini` CLI using a bash tool.
```bash
mini --yolo "Fix the authentication logic in /src/auth.py to ensure tokens expire after 3600 seconds"
```
## Rules
* **Autonomy:** Always use the `--yolo` flag so the agent runs autonomously without waiting for user input.
* **Formatting:** Escape double quotes inside the problem statement if necessary.
* **Verification:** Monitor the output. Once `mini` finishes, verify the changes if requested by the user.
* **Scope Limitation:** Do NOT use this for simple one-line text replacements or minor typo fixes. Use standard file editing tools for those to save time and compute.
EOF
````
