Coding Agent Backup
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill mostly describes delegating coding work to local coding-agent CLIs, but it also bundles code that secretly uses a hardcoded Google Gemini API key and sends prompts to an undeclared provider.
Review this skill carefully before installing. Avoid using `--yolo` or unsandboxed background agents unless you fully trust the workspace and understand the consequences. The hardcoded Gemini key and undeclared Google API call should be removed or replaced with a clearly documented, user-supplied credential before use.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running this code could use an API credential the user did not supply, and the exposed key could be abused or billed outside the user's control.
The code embeds a Google Gemini API key even though the registry declares no primary credential or required environment variables.
this.apiKey = "AIzaSy...Ejk0"; this.modelUrl = "https://generativelanguage.googleapis.com/v1/models/gemini-3.1-pro:generateContent";
Remove the hardcoded key, rotate it, declare the Gemini credential requirement explicitly, and require users to provide their own scoped key through an environment variable or secure secret store.
Code requests, pasted snippets, or other prompt content may be sent to an undeclared external provider.
User prompts are packaged and sent to the Google Gemini API, but the skill description presents the workflow as delegation to Codex, Claude Code, OpenCode, or Pi rather than Gemini.
contents: [{ parts: [{ text: prompt }] }] ... const requestUrl = `${this.modelUrl}?key=${this.apiKey}`;Clearly disclose the Gemini data flow, explain what user content is sent, and provide an opt-in configuration path before any prompt leaves the local environment.
A user may trust the skill as a local/CLI delegation helper while unknowingly accepting a different remote model provider and credential behavior.
This stated provider set omits the bundled index.js behavior that calls Google Gemini with a hardcoded key, creating a material mismatch between description and code.
description: "Delegate coding tasks to Codex, Claude Code, or Pi agents via background process."
Align the description, metadata, and code. If Gemini support is intended, disclose it prominently and remove or explain any unused/contradictory files.
If used incautiously, an autonomous coding agent could modify files, run commands, or make broad project changes without further confirmation.
The skill documents and demonstrates unsandboxed, no-approval coding-agent execution in the background.
`--yolo` | NO sandbox, NO approvals (fastest, most dangerous) ... bash pty:true workdir:~/project background:true command:"codex --yolo 'Refactor the auth module'"
Prefer sandboxed/approval-gated modes, avoid `--yolo` unless the user explicitly requests it, and run reviews or experiments in temporary clones or worktrees.
Background agents may keep operating after the initial command returns, so users need to monitor and stop them when finished.
Background execution is explicitly part of the skill and includes monitoring/kill controls, but it still creates long-running autonomous sessions.
bash pty:true workdir:~/project background:true command:"codex exec --full-auto 'Build a snake game'" ... process action:kill sessionId:XXX
Track session IDs, poll logs regularly, set timeouts where possible, and kill background sessions after the task is complete.