Agenter Coder
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Agenter Coder appears purpose-aligned, but it delegates coding work to an external autonomous agent that can change files and run commands in the selected project.
This looks like a legitimate coding-delegation skill. Before installing, make sure you trust the Agenter package, use a scoped workspace or git branch, keep sandboxing enabled, set cost/time/token limits, and avoid the no-sandbox OpenHands backend unless you run it in an isolated environment.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A coding request can modify files and run commands in the chosen workspace.
This clearly discloses that the skill delegates workspace reads, file edits, and shell execution to another agent process. That is expected for a coding-delegation skill, but it can materially affect the user's project before the final result is shown.
"The sub-agent does all the file reading, editing, and bash execution in its own process. You only see the final result."
Use it in a clean git branch or disposable worktree, keep sandboxing enabled, set narrow --allowed-write-paths when possible, and review diffs before trusting the result.
If the OpenHands backend is chosen, generated or agent-driven code may run without the skill's normal sandbox flag.
The optional OpenHands backend is disclosed as requiring unsandboxed execution. It is not the default backend, but selecting it increases the execution blast radius.
"openhands ... Full code execution in an OpenHands runtime environment. ... No sandbox support — must use `--no-sandbox`."
Prefer the default sandboxed backend for routine use. If OpenHands is needed, run it in an isolated container or disposable environment.
The skill's main behavior depends on code outside the provided artifacts.
The core implementation is delegated to an external dependency with a lower-bound version rather than a pinned exact version. This is disclosed and purpose-aligned, but future package changes could alter behavior.
agenter>=0.1.2
Install from a trusted package source, consider pinning an exact reviewed version, and review the Agenter package before using it on sensitive projects.
Using the skill can consume API quota and may send coding-task context to the selected AI provider.
Provider credentials are expected for this AI coding integration and are disclosed. The artifacts do not show hardcoded keys, credential logging, or unrelated credential use.
"anthropic-sdk — Default. Claude Sonnet/Opus. Works with `ANTHROPIC_API_KEY` or AWS Bedrock. ... codex — OpenAI's gpt-5.4/gpt-5.4-mini. Requires `OPENAI_API_KEY`."
Use provider keys with appropriate billing limits and permissions, and avoid running the skill on code you cannot share with the selected provider.
