Claude Code Integration
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: claude-code Version: 1.0.0 This skill bundle is benign. The `claude-code.py` script primarily functions as a documentation viewer, providing hardcoded information about Claude Code. The `task` command within `claude-code.py` merely prints a message describing a task and explicitly states that the actual execution is handled by OpenClaw's native subagent system, not by this skill itself. The `install.sh` script only copies local files and sets execute permissions, without fetching external payloads or performing any suspicious system modifications. `SKILL.md` and `README.md` provide clear, non-malicious instructions and descriptions, with no evidence of prompt injection attempts to manipulate the agent into unauthorized actions. No data exfiltration, malicious execution, persistence mechanisms, or obfuscation were found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used on a project, the agent may run commands or edit files as part of a coding workflow.
The skill tells the agent/user to combine this workflow guidance with command execution and file modification tools. That is expected for an AI coding workflow, but it can affect local repositories if used without review.
- **Code Execution**: Use with OpenClaw's exec tool for complete development workflow - **File Management**: Combine with OpenClaw's read/write tools for full codebase management
Use it only in intended workspaces, require confirmation for mutating actions, and review diffs and test results before accepting changes.
Users rely on packaged code without a linked source repository or registry-managed install contract.
The registry metadata does not provide source provenance or an install spec even though the package includes an executable helper and install script. The included script appears straightforward, but provenance is still worth user attention.
Source: unknown ... Install specifications: No install spec — this is an instruction-only skill ... Code file presence: claude-code.py, install.sh
Inspect the included files before manual installation and prefer trusted or official sources when possible.
Running those commands would execute remote code with the user's privileges.
The embedded documentation includes pipe-to-shell installer commands for Claude Code. They are examples rather than automatic execution, but following them would run remote installer code.
curl -fsSL https://claude.ai/install.sh | bash ... irm https://claude.ai/install.ps1 | iex
Verify the URL, read the installer first, or use a trusted package manager before running remote install commands.