Mini Coder Max
v1.0.0Autonomous coding agent that systematically plans, implements, reviews, and delivers high-quality code. Handles tasks of any complexity by following a struct...
⭐ 0· 23·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (autonomous coding agent) match the instructions in SKILL.md: planning, research, implementation, QA, and delivery. The skill declares no binaries, env vars, or installs, which is proportionate for an instruction-only coding assistant.
Instruction Scope
Instructions explicitly direct the agent to use web search and fetch tools for research and to consult external documentation; that is coherent for a coding assistant. This does mean the agent will contact external sites for information. I saw no directives to read arbitrary local files, access system credentials, or transmit user data to unknown endpoints in the visible portion, but the SKILL.md was truncated in your submission so I could not review the entire instruction set.
Install Mechanism
No install spec and no code files — lowest risk for disk persistence or binary installation. Nothing will be written to disk by an install step because there is none.
Credentials
The skill requests no environment variables, credentials, or config paths. This is proportionate for the stated functionality.
Persistence & Privilege
Flags show always:false and normal autonomous invocation behavior. The skill does not request permanent presence or system-wide config changes in the visible content.
Assessment
This skill appears coherent for an autonomous coding assistant and poses a low structural risk because it is instruction-only and requests no credentials or installs. However:
- The skill explicitly uses web search/fetch for research, so avoid submitting sensitive code, secrets, or private repository links to it unless you trust the execution environment and network controls. Web fetches could pull external content into the agent's decision-making or (depending on your agent) cause it to post content externally.
- The SKILL.md you provided was truncated; ask the publisher for the full SKILL.md or the source/homepage before installing to confirm there are no hidden instructions that access local files, request credentials, or post data to third-party endpoints.
- Prefer skills with a verifiable source (homepage or repo) and an author identity. If you must use this skill, test it first in a safe sandbox with non-sensitive inputs.
If you can provide the full SKILL.md or a link to the skill source, I can re-run a more confident review.Like a lobster shell, security has layers — review code before you run it.
latestvk974c4y1z9r653ffk80xxvnfgn84ez01
License
MIT-0
Free to use, modify, and redistribute. No attribution required.