Lucky Coding Agent
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is coherent for delegating coding work, but it encourages background coding agents with auto-approval or no sandbox, which can modify projects without normal review.
Install only if you are comfortable with an assistant spawning local coding-agent CLIs. Prefer temp clones or sandboxes, avoid `--yolo`, set clear task scope and timeouts, and monitor or kill background sessions when needed.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A delegated coding agent could make broad code or environment changes without the user reviewing each action first.
The skill explicitly recommends modes that remove normal approval gates for coding agents that can edit and run code in the workspace.
`--full-auto` | Sandboxed but auto-approves in workspace ... `--yolo` | NO sandbox, NO approvals (fastest, most dangerous)
Avoid `--yolo` by default, prefer a disposable clone or sandbox, and require explicit user approval before using auto-approval or no-sandbox modes.
A background agent can continue running after the initial response, consuming resources or changing files until it finishes or is killed.
The skill demonstrates launching an autonomous coding agent as a background process, including in no-sandbox/no-approval mode.
bash pty:true workdir:~/project background:true command:"codex --yolo 'Refactor the auth module'"
Use background mode only for clearly scoped tasks, set timeouts where possible, monitor logs, and kill sessions that go off track.
Coding work may run under the user's existing provider accounts and could consume quotas or use account-level permissions.
The delegated CLIs will operate using whatever local accounts, configuration, and permissions are already set up for those tools.
"requires": { "anyBins": ["claude", "codex", "opencode", "pi"] } ... `gpt-5.2-codex` is the default (set in ~/.codex/config.toml)
Confirm which CLI account and configuration will be used before delegating work, especially in shared or production repositories.
Repository contents or prompts may be processed by the selected external coding agent according to that tool's behavior and settings.
The skill hands repository context to separate coding-agent CLIs; the workdir limits scope, but the artifacts do not fully define what project data those agents may process.
Delegate coding tasks to Codex, Claude Code, or Pi agents via background process ... `workdir` ... Agent wakes up in a focused directory
Use a minimal workdir, avoid sensitive files, and check the selected coding agent's data-handling settings before use.
