Perry Coding Agents
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A remote coding agent may keep running and modifying the project until it decides it is done, making it harder to stop, audit, or bound the work.
The skill explicitly instructs launching remote coding agents in the background without a hard runtime limit, which can continue changing a workspace after the initial dispatch.
- **No hard timeouts** — background dispatch, let agent run
Add explicit user confirmation, timeout or cancellation guidance, task IDs, allowed repositories/branches, and a clear stop procedure for background agents.
If the IP is wrong or intercepted, coding prompts, repository access, or callback tokens could be sent to an unintended host, and the command can start high-impact remote automation.
The documented dispatch command disables SSH host-key verification while running a raw remote shell command that starts a coding agent.
ssh -o StrictHostKeyChecking=no workspace@<IP> "cd ~/<project> && /home/workspace/.opencode/bin/opencode run 'task'" &
Avoid disabling host-key verification by default; use pinned host keys or known_hosts, verify Tailscale identities, and require review before launching remote coding commands.
The remote agent may make repository changes or PR updates using the credentials available in the workspace.
The skill expects the remote coding agent to use workspace and likely Git/GitHub credentials to create PRs, push fixes, and inspect CI, which is aligned with the coding purpose but uses delegated account authority.
Create PR when done... CI failing: test/auth.test.ts line 42. Fix and push.
Use least-privilege workspace and Git credentials, restrict allowed repositories and branches, and require human review before merging or applying sensitive changes.
Old or incorrect context could influence later coding tasks, and project details may persist in the remote agent's local state.
The skill relies on persistent OpenCode context stored in the workspace home directory, which may carry prior task context into later work.
- **Reuse sessions** — OpenCode keeps context in `~/.opencode/`
Clear or separate agent sessions between unrelated tasks, avoid reusing context across repositories or trust boundaries, and document retention expectations.
The wake token and callback address may be visible to the remote agent, its logs, or the workspace process environment if handled carelessly.
The dispatch prompt gives the remote coding agent a callback address and bearer token so it can notify the original environment when finished.
When done: curl -X POST http://${WAKE_IP}:18789/hooks/wake -H "Authorization: Bearer <hooks-token>"Use short-lived, least-privilege wake tokens, avoid logging them, rotate them regularly, and ensure the callback only accepts the intended minimal action.