Lucky Coding Agent
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill is a coherent coding-delegation helper, but it recommends background coding agents and no-approval/no-sandbox modes that can change projects with limited containment.
Install only if you are comfortable letting external coding-agent CLIs work on your projects. Prefer sandboxed modes, avoid '--yolo' by default, run PR reviews in temporary clones or worktrees, keep everything under version control, monitor background sessions, and review diffs before accepting changes.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1. A delegated coding agent could modify important code or run commands with little opportunity for the user to review each action first.
The skill presents a background coding-agent workflow using a mode that explicitly disables sandboxing and approvals, which can allow broad project or local-environment changes without per-action review.
Evidence: | `--yolo` | NO sandbox, NO approvals (fastest, most dangerous) | ... bash pty:true workdir:~/project background:true command:"codex --yolo 'Refactor the auth module'"
Recommendation: Avoid '--yolo' unless you explicitly trust the repo and task. Prefer sandboxed modes, temporary clones/worktrees, version control checkpoints, and manual diff review before accepting changes.

2. Users may assume files outside the chosen project directory are protected when the delegated CLI may still be able to access more of the local environment.
The guidance may overstate the protection provided by a working directory. A workdir focuses the process but is not necessarily a security boundary, especially when the same document recommends a no-sandbox mode.
Evidence: `workdir` ... `Working directory (agent sees only this folder's context)` ... `--yolo` ... `NO sandbox, NO approvals`
Recommendation: Treat workdir as a convenience, not a sandbox. Use real sandboxing or isolated temporary directories for sensitive work, and avoid running no-sandbox agents near private files.

3. A coding-agent process may keep running and changing files until it finishes or is killed.
The skill intentionally starts coding agents as background sessions and provides monitoring and kill commands. This is purpose-aligned, but users should be aware that work can continue after the initial command returns.
Evidence: bash pty:true workdir:~/project background:true command:"codex exec --full-auto 'Build a snake game'" ... `process action:kill sessionId:XXX`
Recommendation: Monitor background sessions, review logs, and kill sessions that are no longer needed or appear to be doing unexpected work.

4. Actions may be performed under the user's existing Codex/Claude/OpenCode/Pi accounts and local permissions.
The skill relies on locally installed coding-agent CLIs and their local configuration, which likely means it uses the user's existing tool accounts and permissions. The artifact does not show credential theft or leakage.
Evidence: "anyBins": ["claude", "codex", "opencode", "pi"] ... `gpt-5.2-codex` is the default (set in ~/.codex/config.toml)
Recommendation: Confirm which CLI account is logged in, what permissions it has, and whether the repository is appropriate to share with that tool.

5. Private code, prompts, or repository context may be processed by the selected external coding-agent tool.
The skill delegates prompts and project-context work to other coding-agent CLIs. This is expected for the purpose, but the artifact does not spell out data boundaries or provider handling.
Evidence: Delegate coding tasks to Codex, Claude Code, or Pi agents via background process.
Recommendation: Use it only on repositories and prompts that are allowed under the selected provider's data policy, and remove secrets before delegating work.
