Codehooks Backend
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill is transparent about its purpose, but it gives an agent broad admin power to deploy live backend code, access backend data, and run persistent jobs without built-in human approval.
Use this skill only if you are comfortable giving an agent backend admin authority. Prefer a dedicated non-production Codehooks project and token, require explicit approval before deploy/import/export actions, validate callback URLs, monitor logs and running jobs, and clean up workflows or scheduled tasks when they are no longer needed.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or compromised agent action could publish unsafe code, break a live service, or change backend behavior without a final human check.
The skill intentionally gives the agent non-interactive authority to deploy code to a live backend, which is high-impact and lacks a built-in approval or rollback workflow.
Your agent can write JavaScript/TypeScript code and deploy it to a live serverless backend in 5 seconds. No human intervention required — the agent iterates autonomously.
Use this only with an isolated/staging Codehooks project unless you explicitly approve production use; require human approval for deploy/import/export operations and keep rollback instructions available.
Anyone or any agent process with the token could administer the backend and access or modify its data within the token's scope.
The documented credential is an admin token that enables deployment, data queries, and backend management; the artifacts do not describe least-privilege scoping, rotation, or environment separation.
Give the admin token to your agent. ... coho deploy --admintoken $CODEHOOKS_ADMIN_TOKEN ... The agent can now deploy code, query data, and manage the backend.
Use a dedicated project/token with the minimum privileges available, keep it out of shared logs, rotate it regularly, and avoid giving a production admin token to autonomous agents by default.
A deployed job or workflow may continue consuming resources, calling services, or mutating data after the user has moved on.
The skill's intended deployments can persist and execute independently after the initiating agent session, and the artifacts do not provide cleanup, expiration, or stop controls.
Scheduled jobs that run 24/7 ... Workflows let your agent kick off multi-step processes that run independently
Track every deployed job/workflow, set explicit timeouts and quotas, and document how to disable or remove remote jobs when the task is finished.
If this template is exposed or copied as-is, workflow results could be sent to an unintended endpoint, and the backend could make outbound calls to attacker-chosen URLs.
The workflow example accepts a callback URL from request data and later posts workflow results to it without visible validation or allowlisting.
callbackUrl: req.body.callbackUrl ... await fetch(data.state.callbackUrl, { method: 'POST', ... result: data.state.result })Authenticate the workflow-start endpoint, validate and allowlist callback destinations, and avoid sending sensitive result data in callbacks unless the destination is trusted.
Project logs, collection names, counts, or error messages could be exposed to the agent context and retained in transcripts or summaries.
The diagnostic workflow can pull backend metadata and logs into the agent's context; this is useful for debugging but may include sensitive operational details.
`coho doctor` ... returns structured JSON covering database collections with document counts, deployment history, queue and worker status, and recent error logs. Always run it when joining an existing project or debugging issues.
Review diagnostic output for secrets or personal data, redact sensitive logs, and limit agent access to projects where that context sharing is acceptable.
The behavior ultimately depends on the installed Codehooks CLI version and its provenance.
Setup depends on an external global CLI installation; this is expected for the integration, but the supplied skill artifacts do not pin or vendor that dependency.
npm install -g codehooks
Install the CLI from the official source, keep it updated, and verify which version is present before granting it an admin token.