AI Auto Dev
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill is for automated coding, but it explicitly asks for full filesystem access, no approvals, background execution, and a warmup step designed to avoid later confirmations.
Only use this skill in a disposable or tightly sandboxed development workspace. Do not configure danger-full-access or no-approval mode on important files unless you fully trust the Builder and are comfortable with automated background commands modifying the project.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
After the warmup, the agent may be able to start later background commands with fewer prompts, reducing the chance for the user to review high-impact actions.
The warmup command is not just setup; it is explicitly framed as a way to establish trust so later background Bash tasks do not require confirmation.
目的:建立 Claude Code 会话信任,避免后续 Bash 后台任务需要确认 ... 每次调用 `/ai-auto-dev` 都必须先执行暖场 ... 使用 `run_in_background: true`
Do not use the trust-warmup pattern. Require explicit user approval before background jobs, filesystem-wide access, or command execution that can modify a project.
A mistake, bad prompt, or compromised Builder could modify or delete files outside the intended task without further confirmation.
The skill directs users to give the Builder full filesystem access while disabling approvals, creating broad authority for automated command execution and file mutation.
Builder 必须有完整文件系统访问权限 ... ask_for_approval = "never" ... sandbox_mode = "danger-full-access"
Run only in a disposable container or dedicated project checkout, keep approvals enabled for risky commands, and restrict write access to the intended repository.
Project scripts or dependencies may run code on the local machine as part of the automated checks.
The skill intentionally runs local build and test commands. This is expected for automated development, but those commands can execute project scripts and dependencies.
Self-Check Requirements (MANDATORY) ... `npx tsc --noEmit --strict --skipLibCheck` ... `npm test` ... `npm run build`
Use this only on trusted repositories and dependencies, preferably inside a sandboxed development environment.
Automation may continue changing the project across task boundaries or after an interruption, especially when combined with disabled approvals.
The workflow is designed to continue automatically, monitor background tasks, and resume interrupted work from a progress file.
启动主动监控:自动检测任务完成,无需等待明确信号 ... 任务完成后自动进入第四步验收 ... `.codex-progress.json`
Add explicit stop points before each batch, require user approval before resuming failed or active tasks, and provide a clear way to cancel running jobs.
Users may install different or future versions of the Builder tools than the skill author tested.
The skill recommends global package-manager installs without pinned versions. This is a common setup pattern, but it leaves the exact installed code dependent on package-manager state at install time.
Codex CLI | `npm i -g @openai/codex` ... Aider | `pip install aider-chat`
Install Builder tools from trusted sources, pin versions where possible, and review their permissions before granting full filesystem access.
Task details and potentially project context may be processed by another tool or provider selected by the user.
The workflow delegates work from Claude Code to another AI coding tool and passes task specs to it. This is central to the skill, but the data boundary depends on the chosen Builder.
Claude Code 作为项目经理,Builder 作为执行者 ... 将 Spec MD 传递给 Builder
Use a trusted Builder, understand its data handling policy, and avoid running the workflow on sensitive code unless the Builder environment is approved.