BMAD Orchestrator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent BMAD workflow helper, but it directs the agent to run Claude Code over SSH with permission checks skipped, automate code changes and commits, and add background monitoring.
Install only if you intentionally want OpenClaw to coordinate a remote Claude Code session for a project. Before use, replace the hard-coded VM details, avoid or carefully approve '--dangerously-skip-permissions', run on a separate branch or disposable clone, and verify any cron monitor and tmux session are removed when finished.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Claude Code could edit files and run development commands on the VM without the usual approval prompts.
The setup launches Claude Code with permission checks explicitly skipped and then automates accepting the permission prompt, giving the delegated coding agent broad tool authority.
npx @anthropic-ai/claude-code --dangerously-skip-permissions ... # Accept permissions (select option 2)
Do not use the skip-permissions mode by default; require explicit user confirmation, restrict execution to a disposable project directory or branch, and keep normal Claude Code approvals enabled where possible.
Running this skill may use your SSH identity and remote account privileges to create sessions, run commands, and modify a project on the target VM.
The workflow uses SSH account access to a dev VM, with example host and username values, even though the registry metadata declares no credentials or config paths.
VM_HOST="10.0.0.189"
VM_USER="hrexed"
...
ssh ${VM_USER}@${VM_HOST}
Confirm the SSH host, username, project path, and account privileges before use, and use a least-privileged VM account dedicated to this workflow.
The actual behavior of the delegated BMAD slash commands depends on whatever BMAD framework is installed in the project.
The skill depends on an external BMAD framework and slash commands that are not included in the reviewed artifact set.
BMAD framework installed in the project (`_bmad/` directory with agents, workflows, commands)
Install BMAD only from a trusted source, review the project’s `_bmad/` commands before automation, and pin or document versions where possible.
A bad instruction or faulty delegated implementation could be committed repeatedly across the project before the user notices.
The workflow automates repeated code implementation and commits across stories, but does not specify branch isolation, rollback, or user approval before each commit.
For each epic, for each story: ... **Dev Story** ... implements code + tests ... **Code Review** ... Commit after each story
Run Phase 4 only on a separate branch or disposable clone, require review before commits, and define a clear stop/rollback procedure.
Background activity may continue after the initial chat interaction and keep observing or interacting with the Claude Code session.
The skill creates recurring background monitoring for a delegated coding agent, and the main instructions do not clearly bound duration, scope, or required user confirmation.
Set up a cron job to monitor Claude Code progress every 15 minutes. Report status updates to user via chat.
Require explicit user approval before creating cron jobs, make cleanup automatic and visible, and provide a command to stop the tmux session and remove the monitor.
