Claude Code Integration
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used on a project, the agent may run commands or edit files as part of a coding workflow.
The skill tells the agent/user to combine this workflow guidance with command execution and file modification tools. That is expected for an AI coding workflow, but it can affect local repositories if used without review.
- **Code Execution**: Use with OpenClaw's exec tool for complete development workflow - **File Management**: Combine with OpenClaw's read/write tools for full codebase management
Use it only in intended workspaces, require confirmation for mutating actions, and review diffs and test results before accepting changes.
Users rely on packaged code without a linked source repository or registry-managed install contract.
The registry metadata does not provide source provenance or an install spec even though the package includes an executable helper and install script. The included script appears straightforward, but provenance is still worth user attention.
Source: unknown ... Install specifications: No install spec — this is an instruction-only skill ... Code file presence: claude-code.py, install.sh
Inspect the included files before manual installation and prefer trusted or official sources when possible.
Running those commands would execute remote code with the user's privileges.
The embedded documentation includes pipe-to-shell installer commands for Claude Code. They are examples rather than automatic execution, but following them would run remote installer code.
curl -fsSL https://claude.ai/install.sh | bash ... irm https://claude.ai/install.ps1 | iex
Verify the URL, read the installer first, or use a trusted package manager before running remote install commands.