Three Minds

Verdict: Suspicious. Audited by ClawScan on May 10, 2026.

Overview

This looks like a real multi-agent coding tool, but it runs Claude Code agents with permission checks disabled, so users should review it carefully before use.

Only install this if you are comfortable letting multiple Claude Code agents edit and run code in your project. Use a git branch, container, or disposable checkout; avoid sensitive environment variables; inspect generated transcript files before committing; and consider modifying the code to remove --dangerously-skip-permissions.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistake, prompt injection in the project, or overly broad task could cause autonomous file changes or command execution without the normal Claude Code approval prompts.

Why it was flagged

The tool launches Claude Code with permission confirmations disabled while the skill instructs agents to modify files and run tests.

Skill content
'--dangerously-skip-permissions',   // skip permission confirmations (auto-accept)
Recommendation

Use only in a disposable branch or sandbox, review the task and configs first, and prefer removing --dangerously-skip-permissions or requiring per-action approvals.

What this means

The skill depends on a local executable named claude and runs it inside the selected project directory.

Why it was flagged

The implementation runs an external Claude Code CLI process. This is expected for the stated purpose, but it is still local command execution.

Skill content
const result = spawnSync('claude', [
    '--print',
    '--output-format', 'text',
Recommendation

Ensure the claude binary is the trusted Claude Code CLI, and run the skill only in projects where autonomous code execution is acceptable.

What this means

Any secrets available in the environment may be visible to the spawned process and to commands it runs.

Why it was flagged

The spawned Claude process inherits the caller's environment, which may include tokens or other credentials, and it also relies on the user's local Claude Code setup.

Skill content
env: { ...process.env },
Recommendation

Run with a clean environment and least-privileged credentials, especially when working on sensitive repositories.

What this means

The transcript may retain code snippets, file paths, task details, or sensitive text and could accidentally be committed or shared.

Why it was flagged

The skill writes full agent responses to a markdown transcript in the project directory.

Skill content
content += resp.content + '\n\n';
...
fs.writeFileSync(filepath, content);
Recommendation

Review generated three-minds-*.md files before committing, add them to .gitignore if needed, and avoid running the skill on secrets-heavy projects.

What this means

Users may not realize they need to install and trust a local CLI package and Claude Code executable before using the skill.

Why it was flagged

The registry metadata under-declares what the package actually needs at runtime: the included package and SKILL.md describe a Node CLI that requires the Claude Code binary, while the metadata declares no install spec and no required binaries.

Skill content
Version: 0.1.0 ... No install spec — this is an instruction-only skill. ... Required binaries (all must exist): none
Recommendation

Verify the source, package version, dependencies, and required Claude Code installation before running it.