fast-claude-code
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: fast-claude-code Version: 1.0.5 The skill bundle automates Claude Code tasks using tmux and background monitoring, but it employs several high-risk patterns. Most notably, it uses the `--dangerously-skip-permissions` flag in `modes/single.sh`, `modes/interactive.sh`, and `modes/team.sh`, which allows the underlying AI agent to execute arbitrary shell commands without user confirmation. Furthermore, `modes/team.sh` dynamically modifies the local `.claude/settings.json` to install a custom shell hook (`.claude/hooks/on-stop.sh`) that executes upon task completion. While these behaviors are technically aligned with the stated goal of 'Fast' background automation, the combination of unmediated tool execution, modification of local configuration files, and the use of external callbacks (webhooks, ntfy) creates a significant security risk and a broad attack surface for potential prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Claude Code may edit files or run tools for the requested task without asking for each individual approval.
The default mode runs Claude Code with permission checks skipped; the script also starts it in the background and triggers callbacks after completion.
PERMISSION_MODE="auto" ... CLAUDE_CMD="claude -p --dangerously-skip-permissions"
Use `--permission-mode plan` by default, reserve auto mode for trusted repositories, and confirm the exact project path before running.
A long-running interactive Claude session can continue operating with elevated tool autonomy after the initial launch.
Interactive mode not only uses skipped permissions in auto mode, it programmatically accepts Claude Code's dangerous-permissions warning.
CLAUDE_CMD="claude --dangerously-skip-permissions" ... log_info "Auto-accepting dangerous permissions warning..." ... tmux -L cc send-keys -t "$SESSION" 2
Do not auto-accept dangerous permission prompts; require explicit user confirmation or default interactive sessions to plan mode.
Running Team mode may change how future Claude Code sessions behave in that project and may remove previously configured Stop hooks.
Team mode replaces the project's entire Claude Code Stop hook array rather than only adding its own hook, which can disrupt existing project automation or safety hooks.
# Settings file exists, merge Stop hook (replace entire Stop array)
jq --argjson newHooks "$HOOKS_CONFIG" '
.hooks = (.hooks // {}) |
.hooks.Stop = $newHooks.Stop
' "$SETTINGS_FILE"Preserve existing hooks, add a namespaced hook entry instead of replacing the Stop array, and show users exactly what will change.
Claude Code work may continue after the initiating command returns, until the task completes, times out, or the session is closed.
Background tmux execution and long-running interactive sessions are disclosed and central to the skill, but they are persistent local agent activity the user should monitor.
任务在后台 tmux 会话中运行,完成后自动回调 ... Interactive 模式 - 长时运行任务、需要多轮对话
Review active tmux sessions, close interactive sessions when done, and avoid running multiple high-impact tasks in the same project.
Task descriptions, summaries, filenames, or code-related output can be sent outside the local machine when webhook callbacks are used.
The webhook callback sends the user task and Claude output to a configured HTTP endpoint; this is purpose-aligned callback behavior but may include sensitive project information.
"message": "$MESSAGE_JSON", "output": "$OUTPUT_JSON" ... curl -s -X POST "$WEBHOOK_URL"
Use only trusted callback endpoints and avoid webhook/ntfy callbacks for confidential projects unless you are comfortable sharing the output.