Qoder CLI skill
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: qoder-cli-skill
Version: 0.1.0

The skill bundle is classified as suspicious due to the integration of a powerful CLI tool (`qodercli`) with high-risk capabilities that could be exploited via prompt injection. Specifically, the `SKILL.md` documentation explicitly highlights and provides examples for the `--yolo` flag, which 'Skips permission checks' within `qodercli`, allowing potential bypass of internal safeguards. Additionally, the ability to add arbitrary MCP servers using `bash command:"qodercli mcp add <name> -- <command>"` allows the agent to execute `npx` commands to install and run any npm package (potentially malicious ones) with auto-confirmation (`-y`), creating a significant attack surface for arbitrary code execution or unauthorized system modifications.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could let Qoder modify project files or use tools without the normal interactive permission prompts.
The skill documents a non-interactive mode that bypasses Qoder CLI permission checks while performing code-changing tasks, without a clear requirement for user approval or tool limits.
# Yolo mode (skip permissions) ... qodercli --yolo -p 'Make the changes'
Use `--yolo` only after explicit user consent, and prefer scoped options such as a specific working directory, `--max-turns`, `--allowed-tools`, and `--disallowed-tools`.
Qoder CLI actions may run under the user's Qoder account and may consume account privileges or quota in contexts where other participants can influence the task.
The skill relies on a personal access token inherited from the user environment, including shared/group sessions, while the registry metadata declares no primary credential or required environment variable.
QODER_PERSONAL_ACCESS_TOKEN ... In any session type, the environment variable is inherited from the shell
Confirm which account token is available before use, avoid exposing it in shared sessions, and revoke or scope the token if it is no longer needed.
The safety of the skill depends heavily on the installed `qodercli` binary, which is outside this artifact review.
The skill does not install code itself, but it delegates to a local external binary whose provenance is not established by the provided artifacts.
Source: unknown; Homepage: none; Required binaries: qodercli; No install spec
Install `qodercli` only from an official source, keep it updated, and verify which binary is on your PATH before enabling the skill.
A stale or overly broad subagent definition could influence later coding tasks or retain unsafe tool permissions.
The instructions describe persistent user-level subagent definitions that can affect future Qoder tasks across projects.
~/.qoder/agents/<agentName>.md - User-level (all projects) ... Subagents ... own context windows and tool permissions
Review user-level agent files periodically, keep tool permissions minimal, and prefer project-level agents when behavior should not apply globally.
