Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw CLAUDE BRIDGE

v1.0.0

Use when user asks about Bridge to local Claude Code CLI - no API key required

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
Name/description: 'bridge to local Claude Code CLI' matches main functionality, but metadata declares no required binaries/env/configs while SKILL.md and code clearly require the 'claude' CLI and access to the user's OpenClaw workspace (e.g. /Users/mars/.openclaw/...). The skill therefore underdeclares what it needs and will touch.
! Instruction Scope
SKILL.md and claude_bridge.py create task scripts that call 'claude' with --allowedTools "Read,Edit,Bash" and many tasks' prompts explicitly instruct Claude to read/edit arbitrary files across the user's workspace (other skills, system paths, ~/.openclaw/workspace). The runtime flow writes and executes shell scripts and asks the model to modify files outside the skill directory — scope creep and potential for broad file access/modification.
Install Mechanism
No install spec (instruction-only) which is lower install risk, but the package includes many ready-to-run .sh task scripts and a Python wrapper that creates/executes shell scripts. Those files will be written to disk and executed by subprocess.run when used, increasing runtime risk despite no installer.
! Credentials
Registry metadata lists no required env vars or config paths, yet code assumes a 'claude' binary is present and task prompts target user workspace paths. The skill also constructs tasks that request file system edits across unrelated projects (agent-memory, a-stock-monitor, kairos-mode). The declared environment footprint is smaller than the actual access needed.
! Persistence & Privilege
always:false (good), but the skill's tasks explicitly request permission to read and edit many files across the user's workspace and will create/execute shell scripts under skills/claude-bridge/tasks/. That behavior amounts to broad file-system modification ability and can change other skills' code — a significant privilege in practice.
What to consider before installing
This skill is plausible for running a local Claude CLI, but there are clear mismatches and risky behaviors you should weigh before installing:

  • Inconsistency: metadata claims no binaries/configs required, but SKILL.md and code require the 'claude' CLI and expect access to your ~/.openclaw/workspace and other skill directories.
  • Broad filesystem actions: many task scripts (tasks/*.sh) and generated scripts ask Claude to read and edit files across the workspace (other skills and core files). The Python wrapper creates and executes shell scripts via subprocess.run.
  • Effective privileges: although the skill isn't declared 'always' enabled, when invoked it can create/execute scripts that perform wide-ranging edits. That can modify other skills or code in your workspace.

Recommendations before using:

  1. Inspect the code yourself (claude_bridge.py and tasks/*.sh/.json) and the generated scripts to confirm exactly what will run.
  2. Do not run it on a production or sensitive workspace. Try it in an isolated/sandbox environment or throwaway VM/container with a fake ~/.openclaw workspace.
  3. If you proceed, ensure file permissions limit its write access, and review all generated task scripts before executing them.
  4. Consider whether you want a skill that can instruct the model to use Read/Edit/Bash on arbitrary files — if not, avoid installing.

If you want, I can point out the exact lines that create/execute shell scripts and the tasks that ask for full filesystem edits so you can review them more quickly.

Like a lobster shell, security has layers — review code before you run it.
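One way to act on the "review all generated task scripts before executing them" recommendation is a pre-execution audit of each script under tasks/. This is an added example, not ClawHub's scanner and not the skill's own code; the sample script, the Read-only policy and the assumption that each script invokes `claude` as a plain command line are constructed for illustration.

```python
import re
import shlex
from pathlib import PurePosixPath

ALLOWED_TOOLS = {"Read"}  # reviewer policy (assumption): anything else needs sign-off
# Absolute or ~/ paths; the skill's own files are referenced relatively.
PATH_RE = re.compile(r"(?<![\w.~])~?/[\w.\-]+(?:/[\w.\-]+)*")

def audit_task_script(text):
    """Return (line_number, issue, detail) findings for one generated task script.

    Line numbers are counted after backslash continuations are folded.
    """
    findings = []
    joined = text.replace("\\\n", " ")  # fold backslash line continuations
    for number, line in enumerate(joined.splitlines(), 1):
        try:
            argv = shlex.split(line, comments=True)
        except ValueError:  # e.g. a quote left open across lines: fail closed
            findings.append((number, "unparsed", line.strip()))
            continue
        if not argv or PurePosixPath(argv[0]).name != "claude":
            continue
        tools = None
        for i, arg in enumerate(argv):
            if arg == "--allowedTools" and i + 1 < len(argv):
                tools = argv[i + 1]
            elif arg.startswith("--allowedTools="):
                tools = arg.split("=", 1)[1]
        if tools is None:
            findings.append((number, "no-tool-list", "no --allowedTools argument"))
        else:
            extra = sorted(set(re.split(r"[,\s]+", tools.strip())) - ALLOWED_TOOLS - {""})
            if extra:
                findings.append((number, "tools", ",".join(extra)))
        for arg in argv[1:]:  # prompts are arguments too, so paths in them are caught
            for path in PATH_RE.findall(arg):
                findings.append((number, "abs-path", path))
    return findings

# Constructed sample, modelled on the scan report's description of tasks/*.sh.
SAMPLE = '''#!/bin/bash
# task_demo (constructed)
claude -p "Refactor ~/.openclaw/workspace/skills/agent-memory/store.py" \\
  --allowedTools "Read,Edit,Bash"
claude -p "Summarise README.md in this directory" --allowedTools "Read"
'''

if __name__ == "__main__":
    for finding in audit_task_script(SAMPLE):
        print(finding)
```

An empty result means only that the script matched this policy; a script with any finding, including an "unparsed" line, should be read by hand before it is run.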

latestvk979zgxyjcr3c5zn6y6pqnrw5h845vbd

Runtime requirements

🤖 Clawdis

SKILL.md

Claude Code Bridge

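A local Claude Code integration that needs no API key. It calls the installed Claude Code through the local CLI and uses your existing subscription.

Prerequisites

  1. Claude Code is installed: which claude
  2. Logged in to Claude Code: claude --version
  3. A valid Claude subscription

Usage

1. Generate code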

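import importlib

# "claude-bridge" contains a hyphen, so `from skills.claude-bridge...` is a
# syntax error; load the module by its dotted path instead.
claude_bridge = importlib.import_module("skills.claude-bridge.claude_bridge")

# Create a code-generation task
result = claude_bridge.generate_code(
    description="Create a function to calculate RSI indicator",
    language="python"
)

print(f"Task ID: {result['task_id']}")
print(f"Script: {result['script_file']}")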

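2. Run the code generation

import importlib

# Hyphenated directory name: import by dotted path rather than `from ... import`
claude_bridge = importlib.import_module("skills.claude-bridge.claude_bridge")

# Execute the task created in step 1
output = claude_bridge.execute_task_local(result['task_id'])
print(output['output'])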

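3. Code review

import importlib

# Hyphenated directory name: import by dotted path rather than `from ... import`
claude_bridge = importlib.import_module("skills.claude-bridge.claude_bridge")

# Create a code-review task
result = claude_bridge.review_code(['file1.py', 'file2.py'])

# Run the review
output = claude_bridge.execute_task_local(result['task_id'])
print(output['output'])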

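4. Data analysis

import importlib

# Hyphenated directory name: import by dotted path rather than `from ... import`
claude_bridge = importlib.import_module("skills.claude-bridge.claude_bridge")

# Create an analysis task
result = claude_bridge.analyze_data(
    data_description="Stock price data for AAPL from 2024-01 to 2024-12",
    analysis_type="trend_analysis"
)

# Run the analysis
output = claude_bridge.execute_task_local(result['task_id'])
print(output['output'])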

Command-line usage

# Create a task
python3 skills/claude-bridge/claude_bridge.py create "Generate a Python script to download stock data"

# Execute a task
python3 skills/claude-bridge/claude_bridge.py execute <task_id>

# Check status
python3 skills/claude-bridge/claude_bridge.py status <task_id>

# List all tasks
python3 skills/claude-bridge/claude_bridge.py list

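Workflow

Manual execution mode

OpenClaw
    ↓ creates the task file
Generates a shell script
    ↓ run by hand
User runs: bash tasks/task_xxx.sh
    ↓ reads the result
OpenClaw picks up the output

Automatic execution mode

OpenClaw
    ↓ calls execute_task_local()
Claude Code runs locally
    ↓ waits for completion
Reads the result file
    ↓
Returns the result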

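Notes

  1. Login required: Claude Code must be logged in
  2. Valid subscription: a valid Claude subscription is required
  3. Timeout: the default timeout is 5 minutes
  4. Result files: results are saved in skills/claude-bridge/results/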

Integrating with the OpenClaw Agent

# Add to AGENTS.md

import importlib

# "claude-bridge" contains a hyphen, so a plain `from ... import` statement is a
# syntax error; load the module by its dotted path instead.
claude_bridge = importlib.import_module("skills.claude-bridge.claude_bridge")

def claude_code_generate(description):
    """Generate code with Claude Code."""
    # Create the task
    result = claude_bridge.generate_code(description)

    # Execute the task
    output = claude_bridge.execute_task_local(result['task_id'])

    return output['output']

def claude_code_review(files):
    """Review code with Claude Code."""
    result = claude_bridge.review_code(files)
    output = claude_bridge.execute_task_local(result['task_id'])

    return output['output']

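Advantages

  • ✅ No API key required
  • ✅ Uses your existing subscription
  • ✅ Runs locally, data stays secure
  • ✅ Allows manual intervention
  • ✅ Seamless integration with OpenClaw

Limitations

  • ⚠️ Requires a local Claude Code installation
  • ⚠️ Requires a valid subscription
  • ⚠️ Long execution time (must wait for Claude to respond)
  • ⚠️ Not suited to high-frequency calls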

Files

51 total