Coding Cli Management

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill is coherent for managing AI coding CLIs, but it can let worker messages trigger no-confirm coding tools using local CLI accounts and overwrite shared workspaces.

Install only if you trust the manager, workers, selected coding CLI, and local credential setup. Prefer a dedicated low-privilege CLI account, remove or restrict no-confirm flags, review diffs before syncing, and verify all external binaries and referenced scripts.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A worker-generated prompt could cause broad code edits or command actions in the workspace without a per-action confirmation prompt.

Why it was flagged

The script runs AI coding CLIs with flags that bypass or auto-accept permission prompts, allowing the prompt file to drive code changes without normal interactive safeguards.

Skill content
claude ... --dangerously-skip-permissions; gemini ... -y; qodercli ... --yolo -w $workspace
Recommendation

Remove no-confirm flags where possible, run the CLIs in a tightly sandboxed workspace, and require an explicit diff/review approval before accepting changes.

What this means

Bad or unintended CLI changes can be propagated to shared task storage and affect other workers or later task steps.

Why it was flagged

After a successful CLI exit code, the workflow mirrors the modified workspace back to shared MinIO storage with overwrite enabled, without showing a required human review or rollback step.

Skill content
if [ "$exit_code" -eq 0 ]; then mc mirror "/root/hiclaw-fs/shared/tasks/${task_id}/workspace/" "hiclaw/hiclaw-storage/shared/tasks/${task_id}/workspace/" --overwrite
Recommendation

Mirror to a staging path first, preserve backups, validate the task path, and require review before overwriting shared workspace content.

What this means

The selected Claude, Gemini, or qodercli account may be used by the manager workflow and indirectly by worker prompts, potentially consuming quota or accessing account-scoped resources.

Why it was flagged

The skill expects existing CLI credential directories, including possible host-share symlinks, but registry metadata declares no primary credential or required config paths.

Skill content
Suggested checks: - whether the ~/.{cli}/ credentials are valid (whether the token has expired) - whether the /host-share/.{cli}/ symlink is working
Recommendation

Declare the credential requirement, use a dedicated least-privilege CLI account, avoid sharing personal credential directories, and confirm which account is active before enabling delegation.

What this means

Actual behavior depends partly on locally installed binaries and scripts that are outside this skill’s reviewed files.

Why it was flagged

The metadata does not provide provenance or dependency declarations even though the workflow relies on external local tools and sibling skill scripts.

Skill content
Source: unknown; Homepage: none; Required binaries (all must exist): none; No install spec — this is an instruction-only skill.
Recommendation

Verify the source and versions of the coding CLIs and referenced local scripts before enabling this skill.

What this means

Prompts and CLI output may remain available in shared task storage or logs beyond the immediate run.

Why it was flagged

The workflow persists worker prompts and CLI logs under task directories; those records may contain code, instructions, or sensitive task details.

Skill content
prompt_dir="/root/hiclaw-fs/shared/tasks/${task_id}/coding-prompts" ... cat > "$prompt_file" ... Change log: ~/hiclaw-fs/shared/tasks/{task-id}/workspace/coding-cli-logs/
Recommendation

Set retention and access controls for prompt and log directories, and avoid placing secrets in coding prompts.