OMC/OMX Coding Task Orchestrator

Pass. Audited by VirusTotal on Apr 30, 2026.

Overview

Type: OpenClaw Skill
Name: omc-omx-orchestrator
Version: 4.3.0

The bundle is a sophisticated orchestration system for managing asynchronous coding tasks using the Claude (OMC) and Codex (OMX) CLI tools. It features a robust task lifecycle management system, including pre-flight checks, structured task metadata (task.json), and a dedicated recovery script (task-recovery.py) to handle agent restarts. While the skill requires high-privilege access to modify local files and explicitly uses flags to bypass tool sandboxes (e.g., --dangerously-bypass-approvals-and-sandbox), these behaviors are transparently documented and essential for its stated purpose of automated code refactoring and auditing. No evidence of malicious intent, data exfiltration, or unauthorized persistence was found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A dispatched OMX task may edit files or run local commands without the usual sandbox or approval boundary, so an incorrect task or model action could damage the project or local environment.

Why it was flagged

The standard OMX workflow tells the agent to disable both approval prompts and sandbox protections for local coding tasks.

Skill content
Always use `--dangerously-bypass-approvals-and-sandbox` (alias `--madmax`) to turn off the sandbox, because the task is explicitly dispatched by the user and runs on the user's own machine.
Recommendation

Do not make the dangerous bypass mode the default. Require explicit per-task confirmation, prefer sandboxed or least-privilege modes where possible, run inside a disposable checkout/container, and ensure version control/backups are available.

Concern (High Confidence)
ASI08: Cascading Failures
What this means

This could terminate other OMX detached tmux sessions that happen to match the pattern, affecting unrelated tasks outside the current dispatch.

Why it was flagged

The OMX command template performs a broad tmux cleanup by pattern, not by the specific task ID or process it launched.

Skill content
tmux ls 2>/dev/null | grep 'omx-.*-detached-' | cut -d: -f1 | xargs -r tmux kill-session -t
Recommendation

Track and clean up only the tmux session or process created for the specific task, and ask before killing unrelated sessions.
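The scoped cleanup this recommendation asks for, written as an added example in Python (not code from the omc-omx-orchestrator skill). It assumes the session naming visible in the flagged command, omx-<task-id>-detached-<n>, and that the dispatcher recorded the task ID at launch. The `tmux ls` output below is constructed; `broad_selection` reproduces what the skill's grep pattern selects so the difference is visible side by side.

```python
"""Scope tmux cleanup to the session(s) one task actually created.

Added example, not code from the omc-omx-orchestrator skill. Assumes session
names of the form omx-<task-id>-detached-<n> and a recorded task ID.
"""
import re
import subprocess
from typing import List

# What the skill's `grep 'omx-.*-detached-'` matches: every detached OMX session, any task.
BROAD = re.compile(r"omx-.*-detached-")

# Constructed `tmux ls` output: two tasks with detached sessions plus an unrelated session.
SAMPLE_TMUX_LS = """\
omx-a1b2-detached-1: 1 windows (created Thu Apr 30 10:00:00 2026)
omx-c3d4-detached-1: 1 windows (created Thu Apr 30 10:05:00 2026)
omx-a1b2-detached-2: 1 windows (created Thu Apr 30 10:07:00 2026)
main: 3 windows (created Thu Apr 30 09:00:00 2026) (attached)
"""


def session_names(tmux_ls: str) -> List[str]:
    """`tmux ls` prints one 'name: ...' line per session; keep just the name."""
    return [line.split(":", 1)[0] for line in tmux_ls.splitlines() if ":" in line]


def broad_selection(names: List[str]) -> List[str]:
    """The skill's behaviour: select every detached OMX session regardless of task."""
    return [n for n in names if BROAD.search(n)]


def scoped_selection(names: List[str], task_id: str) -> List[str]:
    """Only sessions belonging to this task ID; the '-detached-' suffix stops
    task '42' from matching task '421'."""
    prefix = f"omx-{task_id}-detached-"
    return [n for n in names if n.startswith(prefix)]


def kill_commands(names: List[str]) -> List[List[str]]:
    """One kill-session invocation per name. The '=' prefix tells tmux to match the
    name exactly instead of treating it as a prefix of some other session."""
    return [["tmux", "kill-session", "-t", f"={n}"] for n in names]


def cleanup_task(task_id: str, dry_run: bool = True) -> List[List[str]]:
    """Real cleanup path: list live sessions, select only this task's, kill them."""
    ls = subprocess.run(["tmux", "ls"], capture_output=True, text=True, check=False)
    cmds = kill_commands(scoped_selection(session_names(ls.stdout), task_id))
    if not dry_run:
        for cmd in cmds:
            subprocess.run(cmd, check=False)
    return cmds


if __name__ == "__main__":
    names = session_names(SAMPLE_TMUX_LS)
    print("skill's pattern would kill:", broad_selection(names))
    print("scoped to task a1b2:      ", scoped_selection(names, "a1b2"))
```

Two details matter in practice. The original pipeline hands every matched name to a single `tmux kill-session -t`, so with more than one match tmux sees stray positional arguments rather than several targets; issuing one command per session avoids that. And recording the task ID (or better, the exact session name) in task.json at dispatch time is what makes the scoped form possible at all, which is why it belongs in the same metadata the recovery script already reads.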

Note (High Confidence)
ASI10: Rogue Agents
What this means

Long-running coding jobs may continue to operate on local files even if the user closes or restarts the main agent.

Why it was flagged

The skill intentionally creates detached background processes that can continue running after the main agent stops.

Skill content
`os.setsid` creates an independent process group, so the main Agent dying does not affect the child process
Recommendation

Use the task list and recovery tools to monitor running jobs, provide an explicit cancel/kill workflow, and avoid dispatching tasks unless you are comfortable with them continuing in the background.

What this means

Using this skill may consume API quota and grants the local Claude CLI access under the configured Anthropic account.

Why it was flagged

The skill requires an Anthropic API key for one of its core execution modes; this is expected for the Claude CLI but is still sensitive account authority.

Skill content
`claude -p` requires `ANTHROPIC_API_KEY`: Claude Code's `-p/--print` pipe mode relies on API key authentication
Recommendation

Use a scoped key if available, store it securely outside task files/logs, and revoke or rotate it if you no longer use this workflow.

What this means

Task descriptions, logs, and model outputs may remain on disk and could contain project details or secrets if the user includes them in prompts.

Why it was flagged

Task specs, stdout, stderr, and results are persisted under the OpenClaw task directory for recovery and later inspection.

Skill content
All output is written to files: the stdout/stderr of `claude -p` and `omx exec` are redirected entirely to files under the task directory
Recommendation

Avoid putting secrets in task descriptions, review task logs before sharing, restrict filesystem permissions on the task directory, and periodically clean up old tasks.
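An added Python example, not the skill's own task-recovery.py, that covers two of the recommendations above at once: the explicit cancel workflow for a detached (`setsid`) task from the Rogue Agents note, and owner-only permissions on the task directory and its logs from the persistence finding. It assumes a layout of <root>/<task-id>/{task.json,stdout.log,stderr.log} and the task.json fields "pid", "pgid" and "argv", all of which are this example's own choices. The dispatched command and the temporary task root are constructed for the demo.

```python
"""Dispatch a detached task, record enough to cancel it later, keep its logs private.

Added example, not the omc-omx-orchestrator skill's code. Assumes the layout
<root>/<task-id>/{task.json,stdout.log,stderr.log} (hypothetical).
"""
import functools
import json
import os
import signal
import subprocess
import tempfile
import time
from pathlib import Path


def dispatch(root: Path, task_id: str, argv: list, env: dict = None) -> dict:
    """Start argv in its own session (what the skill's os.setsid does), send its output
    to owner-only files, and write the handle needed to cancel it into task.json."""
    task_dir = root / task_id
    task_dir.mkdir(parents=True)
    os.chmod(task_dir, 0o700)  # mkdir's mode is masked by umask, so set it explicitly

    def open_log(name: str) -> int:
        fd = os.open(task_dir / name, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        os.fchmod(fd, 0o600)  # same umask caveat for the log files
        return fd

    out_fd, err_fd = open_log("stdout.log"), open_log("stderr.log")
    try:
        proc = subprocess.Popen(
            argv, stdin=subprocess.DEVNULL, stdout=out_fd, stderr=err_fd,
            env=env, start_new_session=True,  # setsid(): own group, outlives the agent
        )
    finally:
        os.close(out_fd)
        os.close(err_fd)

    # Secrets such as ANTHROPIC_API_KEY travel in `env` only; they are never written here.
    meta = {"task_id": task_id, "pid": proc.pid, "pgid": os.getpgid(proc.pid),
            "argv": argv, "started": time.time()}
    meta_path = task_dir / "task.json"
    meta_path.write_text(json.dumps(meta, indent=2))
    os.chmod(meta_path, 0o600)
    return meta


def is_alive(pid: int) -> bool:
    """Works both while we are the parent and after an agent restart."""
    try:
        reaped, _ = os.waitpid(pid, os.WNOHANG)  # reap if it is our child and has exited
        if reaped == pid:
            return False
    except ChildProcessError:
        pass  # not our child (agent restarted); fall back to a signal-0 probe
    try:
        os.kill(pid, 0)
        return True
    except ProcessLookupError:
        return False


def cancel(meta: dict, grace: float = 2.0) -> str:
    """Explicit kill workflow: SIGTERM the task's whole process group, escalate to SIGKILL."""
    pid, pgid = meta["pid"], meta["pgid"]
    if pgid == os.getpgrp():
        raise RuntimeError("refusing to signal our own process group")
    try:
        if os.getpgid(pid) != pgid:  # pid was recycled by something else: task.json is stale
            return "stale"
        os.killpg(pgid, signal.SIGTERM)
    except ProcessLookupError:
        return "already-exited"
    deadline = time.monotonic() + grace
    while time.monotonic() < deadline:
        if not is_alive(pid):
            return "terminated"
        time.sleep(0.05)
    try:
        os.killpg(pgid, signal.SIGKILL)
    except ProcessLookupError:
        return "terminated"
    return "killed"


@functools.lru_cache(maxsize=None)
def run_demo() -> dict:
    """Dispatch a constructed long-running task, inspect permissions, then cancel it."""
    root = Path(tempfile.mkdtemp(prefix="omx-tasks-"))
    meta = dispatch(root, "demo-0001", ["sh", "-c", "echo hello; sleep 30"])
    task_dir, out = root / "demo-0001", root / "demo-0001" / "stdout.log"
    for _ in range(100):  # the echo races our check; give it up to 5 s
        if "hello" in out.read_text():
            break
        time.sleep(0.05)
    result = {
        "alive_before": is_alive(meta["pid"]),
        "dir_mode": task_dir.stat().st_mode & 0o777,
        "log_mode": out.stat().st_mode & 0o777,
        "meta_mode": (task_dir / "task.json").stat().st_mode & 0o777,
        "stdout": out.read_text().strip(),
        "cancel": cancel(meta),
    }
    result["alive_after"] = is_alive(meta["pid"])
    return result


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The group check in `cancel` is the part people skip: a task.json that survived an agent restart may name a pid that the kernel has since reused, and signalling a process group on the strength of a stale pid is exactly the kind of cascading damage the cleanup finding describes. Comparing the live `getpgid` with the recorded one costs nothing and turns that case into a "stale" result instead of a kill.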