Claude Code Dispatch

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is transparent about delegating work to Claude Code, but it grants a subprocess broad file-editing, shell, and credential-bearing environment access that users should review before enabling.

Install only if you intentionally want OpenClaw to delegate coding work to Claude Code with local file access. Before use, restrict Claude Code permissions, run it in a clean environment with only needed secrets, choose a narrow project workdir, and avoid enabling Bash or broad edit access unless you have reviewed the task.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Claude Code could read or modify files and run allowed shell commands in the selected working directory as part of a dispatched task.

Why it was flagged

The skill is designed to run another coding agent non-interactively with pre-approved tools, including file editing and optional Bash execution, so high-impact actions may occur without per-action user confirmation.

Skill content

The host's `~/.claude/settings.json` must pre-authorize the tools this skill will use... Without pre-authorized permissions, Claude Code will fail in non-interactive mode because it cannot prompt for approval.

Recommendation

Use a narrowly scoped work directory, keep Claude Code permissions limited, avoid broad Bash permissions, and require explicit user approval before invoking editing or shell-enabled tasks.

What this means

Secrets and account authority present in the local environment may be available to Claude Code and to any shell commands it is allowed to run.

Why it was flagged

The subprocess uses the host's authenticated Claude Code setup and receives the host environment, including possible API keys, without documented filtering or scoping.

Skill content

Claude Code must be installed and authenticated on the host machine... Claude Code inherits environment variables from the host, including any API keys loaded by `load-openclaw-env` or similar scripts.

Recommendation

Run the skill from a clean, minimal environment, avoid loading unrelated secrets, and document or restrict which credentials Claude Code is allowed to use.

What this means

Installing or using the wrong CLI package would give a local executable access to files and environment variables.

Why it was flagged

The skill depends on an external npm-installed Claude Code CLI and brew-installed jq, which is expected for the purpose but should be verified by the user.

Skill content

"install":[{"id":"claude","kind":"npm","package":"@anthropic-ai/claude-code","bins":["claude"],"label":"Install Claude Code (npm)"},{"id":"jq","kind":"brew","formula":"jq","bins":["jq"],"label":"Install jq (brew)"}]

Recommendation

Install Claude Code only from the official trusted source and verify the binary on PATH before using this skill.

What this means

Prompts and code context may be processed by Claude Code while completing delegated tasks.

Why it was flagged

The skill intentionally sends task prompts to a separate Claude Code agent that can inspect project files; this is purpose-aligned but creates a data boundary users should understand.

Skill content

Delegate coding tasks to Claude Code CLI... file editing, shell commands, multi-file debugging, code review with file access

Recommendation

Use this only for repositories and files you are comfortable exposing to Claude Code, and avoid dispatching tasks over confidential data unless your Claude Code data policy permits it.