ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

coding-agent

Delegate coding tasks to Codex, Claude Code, or Pi agents via background process. Use when: (1) building/creating new features or apps, (2) reviewing PRs (sp...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 155 · 0 current installs · 0 all-time installs
byShiwen Han@TSHOGX
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The written instructions match the described purpose (delegating coding work to Codex/Claude/Pi/OpenCode via CLI invocations and background sessions). However the skill declares no required binaries, env vars, or install steps while the instructions repeatedly assume presence of multiple CLIs (codex, claude, opencode, gh, git) and a configured environment — that omission is an incoherence the user should be aware of.
!
Instruction Scope
The SKILL.md explicitly instructs using flags that bypass sandboxing and approvals (e.g., --permission-mode bypassPermissions, --yolo / 'no sandbox, no approvals'), running interactive PTYs, background sessions, and an 'elevated' host mode. Those instructions go beyond benign automation and materially increase risk (arbitrary commands, potential file/system modification, exfiltration) — they are within the skill's stated purpose but are high-risk operational choices that should be explicitly declared and constrained.
Install Mechanism
This is an instruction-only skill with no install spec or downloaded code. That lowers installation risk (nothing new is written to disk by the skill itself).
!
Credentials
The skill lists no required environment variables or primary credential, but the instructions implicitly require authenticated CLIs (e.g., 'gh pr checkout', 'gh pr comment', git clone, and agent CLIs). It therefore expects existing credentials/configuration (GitHub auth, agent CLI auth) without declaring them — an important mismatch. The ability to run agents with bypassed permissions could access tokens and files available to the process, so the lack of declared env/credential requirements is concerning.
Persistence & Privilege
The skill does not request permanent/always-on inclusion and leaves autonomous invocation at the platform default. However, the instructions promote long-running background sessions and an 'elevated' option that, if used, would allow host-level execution; combined with sandbox-bypass flags this increases potential blast radius. The metadata itself does not request elevated privileges, but the operational guidance encourages using them.
What to consider before installing
This skill plausibly does what it says, but it omits and actively encourages risky operational choices. Before installing: (1) confirm on your system that the required CLIs (codex, claude, opencode, git, gh, etc.) are present and understand which credentials they use; (2) do not use sandbox-bypass flags (--yolo, bypassPermissions) or 'elevated' host mode unless you fully trust the remote agent and understand the consequences — these options allow arbitrary commands to run on your host and can access local files/credentials; (3) run any spawned agents only in disposable temporary directories or isolated environments (containers or VMs) and avoid running inside the OpenClaw workspace; (4) be prepared to monitor and kill background sessions and to rotate any tokens or secrets that might be exposed; (5) consider asking the skill author to explicitly declare required binaries and any credential needs before installing so you can make an informed decision.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk977b94shkbsb9xf5zs57f4mq982nr4c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Coding Agent

Use bash (with optional background mode) for all coding agent work.

PTY: Codex/Pi/OpenCode yes, Claude Code no

For Codex, Pi, and OpenCode, PTY is required (interactive terminal apps):

# Codex/Pi/OpenCode
bash pty:true command:"codex exec 'Your prompt'"

For Claude Code (claude CLI), use --print --permission-mode bypassPermissions instead. --print mode keeps full tool access and avoids interactive confirmation:

# Claude Code (no PTY needed)
cd /path/to/project && claude --permission-mode bypassPermissions --print 'Your task'

# Background execution: use background:true on the exec tool

Bash Tool Parameters

ParameterTypeDescription
commandstringThe shell command to run
ptybooleanAllocates a pseudo-terminal for interactive CLIs (required for Codex/Pi)
workdirstringWorking directory (agent sees only this folder's context)
backgroundbooleanRun in background, returns sessionId for monitoring
timeoutnumberTimeout in seconds (kills process on expiry)
elevatedbooleanRun on host instead of sandbox (if allowed)

Process Tool Actions

ActionDescription
listList all running/recent sessions
pollCheck if session is still running
logGet session output (with optional offset/limit)
writeSend raw data to stdin
submitSend data + newline (like typing and pressing Enter)
send-keysSend key tokens or hex bytes
pastePaste text (with optional bracketed mode)
killTerminate the session

Quick Start: One-Shot Tasks

# Quick chat (Codex needs a git repo!)
SCRATCH=$(mktemp -d) && cd $SCRATCH && git init && codex exec "Your prompt here"

# In a real project
bash pty:true workdir:~/Projects/myproject command:"codex exec 'Add error handling to the API calls'"

Why git init? Codex refuses to run outside a trusted git directory. A temp repo solves this for scratch work.

The Pattern: workdir + background + pty

For longer tasks, use background mode:

# Start agent in target directory
bash pty:true workdir:~/project background:true command:"codex exec --full-auto 'Build a snake game'"
# Returns sessionId for tracking

# Monitor progress
process action:log sessionId:XXX

# Check if done
process action:poll sessionId:XXX

# Send input (if agent asks a question)
process action:submit sessionId:XXX data:"yes"

# Kill if needed
process action:kill sessionId:XXX

Why workdir matters: Agent wakes up in a focused directory and doesn't wander off reading unrelated files.

Codex CLI

Preferred agent for single tasks. Pass the requirements clearly — Codex handles execution well.

Flags

FlagEffect
exec "prompt"One-shot execution, exits when done
--full-autoSandboxed but auto-approves in workspace
--yoloNo sandbox, no approvals (fastest, most dangerous)

Building/Creating

# Quick one-shot
bash pty:true workdir:~/project command:"codex exec --full-auto 'Build a dark mode toggle'"

# Background for longer work
bash pty:true workdir:~/project background:true command:"codex --yolo 'Refactor the auth module'"

Reviewing PRs

Never review PRs in the OpenClaw workspace or the live project folder. Clone to temp or use git worktree.

# Clone to temp for safe review
REVIEW_DIR=$(mktemp -d)
git clone https://github.com/user/repo.git $REVIEW_DIR
cd $REVIEW_DIR && gh pr checkout 130
bash pty:true workdir:$REVIEW_DIR command:"codex review --base origin/main"
# Clean up after: trash $REVIEW_DIR

# Or use git worktree (keeps main intact)
git worktree add /tmp/pr-130-review pr-130-branch
bash pty:true workdir:/tmp/pr-130-review command:"codex review --base main"

Batch PR Reviews (parallel)

# Fetch all PR refs
git fetch origin '+refs/pull/*/head:refs/remotes/origin/pr/*'

# One Codex per PR
bash pty:true workdir:~/project background:true command:"codex exec 'Review PR #86. git diff origin/main...origin/pr/86'"
bash pty:true workdir:~/project background:true command:"codex exec 'Review PR #87. git diff origin/main...origin/pr/87'"

# Monitor all
process action:list

# Post results
gh pr comment <PR#> --body "<review content>"

OpenCode

bash pty:true workdir:~/project command:"opencode run 'Your task'"

Claude Code

No PTY required. Use when explicitly requested or for tasks that benefit from tighter integration.

# Foreground
bash workdir:~/project command:"claude --permission-mode bypassPermissions --print 'Your task'"

# Background
bash workdir:~/project background:true command:"claude --permission-mode bypassPermissions --print 'Your task'"

Pi

bash pty:true workdir:~/project command:"pi 'Your task'"

# Non-interactive mode
bash pty:true command:"pi -p 'Summarize src/'"

# Different provider/model
bash pty:true command:"pi --provider openai --model gpt-4o-mini -p 'Your task'"

Parallel Issue Fixing with git worktrees

# Create worktrees for each issue
git worktree add -b fix/issue-78 /tmp/issue-78 main
git worktree add -b fix/issue-99 /tmp/issue-99 main

# Launch agents in parallel
bash pty:true workdir:/tmp/issue-78 background:true command:"pnpm install && codex --yolo 'Fix issue #78: <description>. Commit and push.'"
bash pty:true workdir:/tmp/issue-99 background:true command:"pnpm install && codex --yolo 'Fix issue #99. Implement only the in-scope edits and commit after review.'"

# Monitor
process action:list
process action:log sessionId:XXX

# Create PRs
cd /tmp/issue-78 && git push -u origin fix/issue-78
gh pr create --repo user/repo --head fix/issue-78 --title "fix: ..." --body "..."

# Cleanup
git worktree remove /tmp/issue-78
git worktree remove /tmp/issue-99

Rules

  1. Right execution mode per agent: Claude Code uses --print --permission-mode bypassPermissions (no PTY); Codex/Pi/OpenCode use pty:true
  2. Respect tool choice — if the user asks for a specific agent, use it; don't silently substitute
  3. Orchestrator mode — do not hand-code patches yourself when the task is delegated to an agent
  4. Be patient — don't kill sessions just because they're slow; check with process:log first
  5. Parallel is fine — run multiple agents at once for batch work
  6. Never start agents in the OpenClaw workspace — they'll read soul docs and get confused about who's in charge
  7. Never checkout branches in the live OpenClaw project folder — that's the running instance

Progress Updates

Keep the user in the loop without flooding them.

  • One short message when you start: what's running and where
  • Update again only when something changes: milestone done, agent needs input, error, or finished
  • If you kill a session, say so immediately and explain why

Auto-Notify on Completion

For long-running background tasks, append a wake trigger to the prompt so Miki gets notified immediately when the agent finishes:

... your task here.

When completely finished, run:
openclaw system event --text "Done: [brief summary]" --mode now

Example:

bash pty:true workdir:~/project background:true command:"codex --yolo exec 'Build a REST API for todos.

When completely finished, run: openclaw system event --text \"Done: Built todos REST API\" --mode now'"

Notes

  • PTY is essential for Codex/Pi/OpenCode — without it, output breaks or the agent hangs
  • Git repo required for Codex — use mktemp -d && git init for scratch work
  • exec is cleancodex exec "prompt" runs and exits, perfect for one-shots
  • submit vs writesubmit sends input + Enter; write sends raw data without newline

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…