Claude Agent

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill is transparent and purpose-aligned, but it deserves careful review because it can run Claude Code with skipped permissions, approve tool use on the user’s behalf, read local Claude configuration, and install persistent hooks.

Install only if you intentionally want OpenClaw to manage Claude Code with broad local coding authority. Prefer manual/OpenClaw approval mode, avoid `--dangerously-skip-permissions` for sensitive repositories, redact Claude settings before inspection, keep notification modes event-only, review generated changes, and know how to remove the Claude hook and stop tmux sessions.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Claude Code may run shell commands, read files, and modify project files without the user reviewing each tool call.

Why it was flagged

The skill explicitly supports running Claude Code with permission checks skipped and tells the OpenClaw agent to handle approvals and iterations without involving the user during execution.

Skill content
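Auto-approval: print mode uses `--dangerously-skip-permissions` ... Claude Code decides on its own what to execute ... I handle the intermediate steps (approvals, iterations, modifications) on my own; Tao Ge only cares about the final result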
Recommendation

Use the non-auto approval mode for sensitive projects, avoid `--dangerously-skip-permissions` unless the workspace is trusted, restrict allowed tools and working directories, and review diffs before accepting results.

What this means

Local account configuration or API-key-like values in Claude settings could be read into the agent context if not redacted.

Why it was flagged

The skill tells the agent to inspect the user’s Claude settings file, which can contain MCP server configuration and environment values such as API keys.

Skill content
Installed MCP Servers ... configured via `mcpServers` in `~/.claude/settings.json`. The actual configuration on this machine needs to be checked. (On first use, run `cat ~/.claude/settings.json` to check.)
Recommendation

Do not blindly `cat` the full settings file into an agent session. Inspect or parse only needed fields, redact `env` values and tokens, and avoid using this skill with sensitive provider credentials unless you trust the agent context.

What this means

OpenClaw may be woken and notifications may be sent for Claude Code sessions beyond the immediate task, depending on the user’s global Claude configuration.

Why it was flagged

The installation places a persistent user-level Claude Code Stop hook with an empty matcher, so the hook can run whenever Claude Code stops, not only for one visible skill invocation.

Skill content
"hooks": { "Stop": [ { "matcher": "", "hooks": [ { "type": "command", "command": "python3 <SKILL_PATH>/hooks/on_complete.py" } ] } ] }
Recommendation

Install hooks only where needed, prefer project-scoped configuration if Claude Code supports it, remove or disable the hook when not using the skill, and verify `hooks/stop_claude.sh` or manual cleanup procedures.

What this means

Sensitive code, task details, or secrets that appear in Claude Code output could be retained in local `/tmp` logs without an obvious retention or cleanup policy.

Why it was flagged

Even when outbound notifications default to event-only mode, the hook writes part of Claude Code’s assistant message summary to a shared temporary log path.

Skill content
LOG_FILE = "/tmp/claude_notify_log.txt" ... log(f"Summary: {summary[:200]}")
Recommendation

Remove or reduce summary logging, set restrictive file permissions, periodically delete `/tmp/claude_*` logs, and avoid sending secrets through Claude Code sessions managed by this skill.

What this means

Task-completion events and selected metadata can be sent through Telegram or another configured channel.

Why it was flagged

The hook sends user notifications and wakes an OpenClaw agent through the configured OpenClaw channel; this is disclosed and central to the skill’s asynchronous workflow.

Skill content
"openclaw", "message", "send", "--channel", CHANNEL, "--target", CHAT_ID ... "openclaw", "agent", "--agent", AGENT_NAME, "--message", msg, "--deliver", "--channel", CHANNEL
Recommendation

Keep the default event-only notification mode for private work, use trusted private chat channels, and only enable summary/full notification modes when the channel is safe.

What this means

Users may not realize from registry metadata alone that the skill depends on external CLIs and persistent local configuration.

Why it was flagged

The registry metadata does not declare the external runtime requirements or provenance, although the included docs disclose OpenClaw, Claude Code, tmux, and GitHub clone-based installation.

Skill content
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; Required binaries: none
Recommendation

Verify the repository/source before installation, review the included scripts, and ensure `claude`, `tmux`, and `openclaw` are installed from trusted sources.