Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Claude Code Dispatch
v1.0.0Invoke Claude Code CLI as a subprocess for coding tasks that require file access, editing, and shell execution
⭐ 0· 345·3 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the implementation: the skill dispatches prompts to a local Claude Code CLI. Required binaries (claude, jq) and the declared npm/brew installs align with that purpose; there are no unrelated credentials or surprising binaries.
Instruction Scope
SKILL.md and the included script keep scope narrowly to invoking the claude CLI in the specified workdir. The script checks inputs, runs claude with JSON output, and truncates results. However the documentation explicitly directs users to pre-authorize tools (Read/Edit/Glob/Grep/Bash), and notes that Claude Code inherits host environment variables — so the delegated process may be able to read/edit files and run shell commands beyond what the OpenClaw agent itself would do.
Install Mechanism
Install metadata uses standard package managers: npm package '@anthropic-ai/claude-code' for the 'claude' binary and brew install for jq. No arbitrary downloads, IPs, or extract-from-URL steps are present in the manifest.
Credentials
The skill does not request any environment variables itself, which is appropriate. But the SKILL.md and script acknowledge that the spawned Claude process inherits the host environment (including any API keys). That creates a real risk of exposing secrets to the subprocess or to Claude Code if its permissions allow broad filesystem or shell access. Users should treat this as sensitive and confirm the claude tool and its ~/.claude/settings.json are configured with least privilege.
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges or modify other skills or system-wide agent settings. It runs only when invoked.
Assessment
This skill appears to do exactly what it promises — run the local Claude Code CLI to perform file edits and shell work — but that means the subprocess will run with your user's permissions and will inherit environment variables (including API keys). Before installing or running it: (1) confirm the 'claude' binary you install is the official package you trust (inspect package source or vendor), (2) review ~/.claude/settings.json and grant only the minimal tools (avoid granting Bash or broad Read/Edit unless necessary), (3) avoid running the skill in directories containing secrets or private keys, and (4) consider running it in an isolated user account or container if you need to limit blast radius. If you're unsure about the npm package or your environment contains sensitive credentials, treat this skill as high-risk until you audit the local Claude installation and permissions.Like a lobster shell, security has layers — review code before you run it.
latestvk9768dt0t73e93et0sg1x28jgx82zjnn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🤖 Clawdis
Binsclaude, jq
Install
Install jq (brew)
Bins: jq
brew install jq