coder
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: coder Version: 0.1.0 The skill requests 'exec' permission, which is generally high-risk, but the associated script `scripts/coder-info.sh` is entirely benign. It only prints static strings or a static JSON object to standard output based on command-line arguments. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection attempts in `SKILL.md`. All files consistently describe a simple informational skill, and the code does not exploit the 'exec' permission for any harmful purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill allows the agent to run this included script, but the script does not access files, credentials, network services, or modify the system.
The skill requests permission to execute a local script and documents invoking that script, but the reviewed script only emits fixed brand, feature, or JSON text.
permissions:
- exec
...
```bash
scripts/coder-info.sh
```Acceptable for this purpose; users should still recognize that the skill uses local script execution.
A user may expect functional coding tools, but the artifacts show only informational output.
The description advertises developer-productivity capabilities, while the actual documented behavior is namespace reservation and informational output.
Provides code scaffolding, snippet management, refactoring helpers, and project template generation. ... This skill reserves the `coder` namespace on ClawHub and provides brand identity and feature information when invoked.
Treat this as a brand/info skill unless future versions add the advertised coding functionality.