Coder Workspaces
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Coder CLI skill, but it can use your Coder session token to run remote workspace commands, delete workspaces or tasks, and start AI coding tasks.
Install this only if you want OpenClaw to manage your Coder deployment. Protect the Coder session token, use a scoped token if possible, verify the target Coder URL, and require explicit confirmation before workspace/task deletion, restarts, or broad remote commands.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill should understand that the agent can act through the configured Coder account within the token's permissions.
The skill requires a Coder session token and instructs users to make it available to OpenClaw for CLI authentication. This is expected for managing Coder resources, but it grants the agent delegated account access.
"CODER_SESSION_TOKEN": "your-session-token" ... coder login --token "$CODER_SESSION_TOKEN" "$CODER_URL"
Use the least-privileged or shortest-lived token available, verify CODER_URL points to the intended deployment, and revoke or rotate the token when no longer needed.
A mistaken or overly broad request could stop, restart, delete, or modify remote Coder resources.
The skill documents remote command execution and deletion commands, including examples that bypass interactive confirmation with -y. These actions are purpose-aligned but can be high impact if run against the wrong workspace or task.
coder ssh <workspace> -- <command> ... coder delete <workspace> -y ... coder tasks delete <task-name> -y
Ask the agent to confirm the exact workspace or task name before destructive actions, and avoid blanket or ambiguous delete/restart requests.
Created AI tasks may change code or consume workspace resources according to the prompt and template permissions.
The skill can create AI coding tasks that run other agents in Coder workspaces. This is the advertised purpose, but users should recognize that these tasks may continue remotely until monitored, stopped, or deleted.
Coder Tasks runs AI agents (Claude Code, Aider, etc.) in isolated workspaces. ... coder tasks create --template <template> --preset "<preset>" "prompt"
Use specific prompts, monitor task logs, and delete or stop tasks when they are no longer needed.