Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Coding PM

v0.4.2

Your AI project manager. Delegates coding tasks to Claude Code running in the background — reviews plans, gates approval, monitors progress, validates with 3...

0 · 582 · 9 current · 9 all-time
by Horace He (@horacehxw)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description match the required binaries and actions: it legitimately needs git (worktrees/commits) and the Claude CLI (background coding-agent). No unrelated environment variables or credentials are requested in the manifest.
Instruction Scope (flagged)
Runtime instructions tell the PM to scan the repo (cat package.json, ls src, etc.), create isolated git worktrees in ~/.worktrees, store per-task context in conversation memory, and launch long-lived background Claude Code sessions. They also tell it to locate a supervisor prompt under ~/.openclaw and append it to the session. These actions are consistent with the PM role but broaden the agent's read/write surface (access to many files, creation of marker files, and system event calls). The skill also instructs the user to change OpenClaw settings and restart the gateway as setup steps, which affects global agent tool permissions.
Install Mechanism
Instruction-only skill (no install spec, no downloaded code). Lowest install risk: nothing is written during install by the skill itself. The code files present are just docs and prompts.
Credentials (flagged)
The manifest requests no env vars, which is proportional, but the skill depends on an already-authenticated Claude CLI, meaning your Anthropic credentials will be used for all background work. The README explicitly requires disabling workspace-only filesystem restrictions (tools.fs.workspaceOnly=false), which expands filesystem access beyond the OpenClaw workspace. That platform-level change and the use of your Claude credentials are powerful and should be weighed before enabling the skill.
Persistence & Privilege
always:false (good). The skill expects to create persistent artifacts (worktrees under ~/.worktrees, .supervisor wake markers) and to store per-task state in the agent's conversation memory — normal for a background task manager. It asks you to modify OpenClaw global config (workspaceOnly=false) and restart the gateway, which grants broader runtime privileges to agent tools and therefore increases risk if misused.
What to consider before installing
This skill is internally coherent for a PM that coordinates background coding agents, but it requires you to: (1) allow agent tools broader filesystem access (an OpenClaw config change), (2) keep an authenticated Claude CLI (your Anthropic credentials will be used), and (3) accept background execution with --dangerously-skip-permissions, i.e. Claude Code sessions that do not stop to ask before running tools.

Before installing: review references/supervisor-prompt.md (the guardrails the skill relies on), try it only on non-production repositories, and decide whether you are comfortable granting filesystem access outside the OpenClaw workspace and letting a background LLM read source files and send them to an external service.

If you need stronger safeguards: do not set tools.fs.workspaceOnly=false and do not enable background runs until you can vet or sandbox them; require manual approval for execution (keep the plan approval gate active); and audit the first few tasks' outputs and commits.
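A pre-install check of the kind the paragraph above recommends, as an added example that is not part of the ClawHub page or of the Coding PM skill: it greps an unpacked skill's instruction files for the directives the scan report names (tools.fs.workspaceOnly=false, --dangerously-skip-permissions, gateway restarts, home-directory dot-paths) and separates the ones that need a human decision from the ones that are merely informational. The regexes, the file-extension list, the helper names and the sample SKILL.md text are this example's own assumptions; ClawHub's scanner logic is not shown on this page.

```python
"""Pre-install audit for an instruction-only agent skill.

Added example, not ClawHub's scanner and not code from the Coding PM skill.
It reads the prose/config files of an unpacked skill and reports lines that
carry the privilege-widening directives the scan report above calls out.
"""
import re
from pathlib import Path
from typing import Dict, List

# Directives the scan report singled out. The regexes are this example's own
# illustrative choices, not a published rule set.
RISKY_PATTERNS: Dict[str, str] = {
    "disables workspace-only filesystem restriction":
        r"tools\.fs\.workspaceOnly\s*[=:]\s*false",
    "runs the coding agent without permission prompts":
        r"--dangerously-skip-permissions",
    "restarts the gateway (changes global tool permissions)":
        r"\bgateway\b.*\brestart\w*\b|\brestart\w*\b.*\bgateway\b",
    "touches dot-directories in the home directory":
        r"~/\.[A-Za-z0-9_.-]+",
}

# Categories that require a human decision before install. Home-directory
# paths alone are informational: a PM that uses worktrees legitimately needs them.
BLOCKING = {
    "disables workspace-only filesystem restriction",
    "runs the coding agent without permission prompts",
    "restarts the gateway (changes global tool permissions)",
}


def scan_text(name: str, text: str) -> List[dict]:
    """Return one finding per (line, matched category) for a single file."""
    findings: List[dict] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for label, pattern in RISKY_PATTERNS.items():
            if re.search(pattern, line, re.IGNORECASE):
                findings.append({"file": name, "line": lineno,
                                 "issue": label, "text": line.strip()})
    return findings


def scan_skill_dir(root: Path) -> List[dict]:
    """Scan every prose/config file under an unpacked skill directory."""
    findings: List[dict] = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in {".md", ".txt", ".json", ".yaml", ".yml"}:
            rel = str(path.relative_to(root))
            findings.extend(scan_text(rel, path.read_text(encoding="utf-8", errors="replace")))
    return findings


def summarize(findings: List[dict]) -> Dict[str, int]:
    """Count findings per category."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["issue"]] = counts.get(f["issue"], 0) + 1
    return counts


def needs_manual_review(findings: List[dict]) -> bool:
    """True if any finding falls in a category that must be approved by a person."""
    return any(f["issue"] in BLOCKING for f in findings)


# Constructed sample instruction file mirroring what the scan report describes.
# It is NOT the skill's real SKILL.md.
SAMPLE_SKILL_MD = """\
# Coding PM (constructed sample, not the real skill file)

## Setup
1. Set `tools.fs.workspaceOnly=false` in your OpenClaw config.
2. Restart the gateway so the new tool permissions take effect.

## Runtime
- Create an isolated worktree under ~/.worktrees/<task>.
- Launch: claude --dangerously-skip-permissions -p "$PLAN" &
- Append the supervisor prompt from ~/.openclaw/supervisor-prompt.md
"""


def audit_sample() -> List[dict]:
    """Run the scan over the constructed sample (offline, no files needed)."""
    return scan_text("SKILL.md", SAMPLE_SKILL_MD)


if __name__ == "__main__":
    found = audit_sample()
    for f in found:
        print(f"{f['file']}:{f['line']}: {f['issue']}\n    {f['text']}")
    print("manual review required" if needs_manual_review(found)
          else "no blocking directives")
```

Against the constructed sample the scan reports five lines: the workspaceOnly change, the gateway restart and the --dangerously-skip-permissions launch are blocking, while the two ~/.worktrees and ~/.openclaw references are informational. Point scan_skill_dir at the real unpacked skill directory to run the same check before installing.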




Runtime requirements

Clawdis
OS: Linux · macOS
Binaries: git, claude
