Coding Agent
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill is coherent for delegating coding work, but it needs review because it encourages background coding agents that can auto-approve changes or run without a sandbox.
Install only if you are comfortable letting your agent launch local coding CLIs from the shell. Prefer sandboxed runs in a temporary branch or worktree, avoid `--yolo` unless you explicitly approve the risk, and always monitor and stop background sessions.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A coding agent could make broad project changes or run commands without stopping for review, and `--yolo` removes sandbox protection.
The skill explicitly documents and demonstrates modes that let a delegated coding agent modify or execute in the project without approval, including an unsandboxed background example.
`--full-auto` — `Sandboxed but auto-approves in workspace`; `--yolo` — `NO sandbox, NO approvals (fastest, most dangerous)` ... `bash pty:true workdir:~/project background:true command:"codex --yolo 'Refactor the auth module'"`
Require explicit user confirmation before `--full-auto`, `--yolo`, or background execution; prefer sandboxed runs, temporary branches/worktrees, clear timeouts, and manual review before applying changes.
Users may believe the agent is limited to one folder when an unsandboxed process could potentially access or affect more of the local environment.
The documentation may cause users to over-trust `workdir` as a containment boundary, while the same skill describes an unsandboxed/no-approval mode where the process is not strongly limited to that directory.
`workdir` — `Agent sees only this folder's context` ... `doesn't wander off reading unrelated files` ... `--yolo` — `NO sandbox, NO approvals`
Clarify that `workdir` is only the starting directory, not a security boundary; recommend true sandboxing, least-privilege worktrees, and avoiding `--yolo` unless the user explicitly accepts the risk.
A coding agent may continue running after the initial request, consuming resources or continuing work until it exits or is killed.
The skill intentionally starts long-running background agent sessions. It also discloses monitoring and termination commands, so this is purpose-aligned but operationally important.
`background` — `Run in background, returns sessionId for monitoring` ... `For longer tasks, use background mode with PTY` ... `process action:kill sessionId:XXX`
Monitor background sessions with logs/polling and kill them when the task is complete or unexpected behavior appears.