fast-claude-code
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
The skill’s purpose is coherent, but it runs Claude Code in background sessions with permission prompts skipped by default and changes project-level Claude hook settings.
Install only if you trust this skill to run Claude Code against the selected project in the background. Prefer `--permission-mode plan`, inspect `.claude/settings.json` before and after Team mode, use trusted callback destinations only, and close tmux sessions when finished.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Claude Code may edit files or run tools for the requested task without asking for each individual approval.
The default mode runs Claude Code with permission checks skipped; the script also starts it in the background and triggers callbacks after completion.
PERMISSION_MODE="auto" ... CLAUDE_CMD="claude -p --dangerously-skip-permissions"
Use `--permission-mode plan` by default, reserve auto mode for trusted repositories, and confirm the exact project path before running.
A long-running interactive Claude session can continue operating with elevated tool autonomy after the initial launch.
Interactive mode not only uses skipped permissions in auto mode, it programmatically accepts Claude Code's dangerous-permissions warning.
CLAUDE_CMD="claude --dangerously-skip-permissions" ... log_info "Auto-accepting dangerous permissions warning..." ... tmux -L cc send-keys -t "$SESSION" 2
Do not auto-accept dangerous permission prompts; require explicit user confirmation or default interactive sessions to plan mode.
Running Team mode may change how future Claude Code sessions behave in that project and may remove previously configured Stop hooks.
Team mode replaces the project's entire Claude Code Stop hook array rather than only adding its own hook, which can disrupt existing project automation or safety hooks.
# Settings file exists, merge Stop hook (replace entire Stop array)
jq --argjson newHooks "$HOOKS_CONFIG" '
.hooks = (.hooks // {}) |
.hooks.Stop = $newHooks.Stop
' "$SETTINGS_FILE"Preserve existing hooks, add a namespaced hook entry instead of replacing the Stop array, and show users exactly what will change.
Claude Code work may continue after the initiating command returns, until the task completes, times out, or the session is closed.
Background tmux execution and long-running interactive sessions are disclosed and central to the skill, but they are persistent local agent activity the user should monitor.
任务在后台 tmux 会话中运行,完成后自动回调 ... Interactive 模式 - 长时运行任务、需要多轮对话
Review active tmux sessions, close interactive sessions when done, and avoid running multiple high-impact tasks in the same project.
Task descriptions, summaries, filenames, or code-related output can be sent outside the local machine when webhook callbacks are used.
The webhook callback sends the user task and Claude output to a configured HTTP endpoint; this is purpose-aligned callback behavior but may include sensitive project information.
"message": "$MESSAGE_JSON", "output": "$OUTPUT_JSON" ... curl -s -X POST "$WEBHOOK_URL"
Use only trusted callback endpoints and avoid webhook/ntfy callbacks for confidential projects unless you are comfortable sharing the output.