ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claude Code Collaboration

Integrates OpenClaw with Claude Code CLI to delegate coding tasks via JSON queues for advanced multi-turn code collaboration and analysis.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 35 · 0 current installs · 0 all-time installs
by@gesilajerry
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The name/description (delegate tasks to Claude Code CLI) is consistent with the code and SKILL.md, but the package metadata claims no required env or credentials while the SKILL.md and the script expect Anthropic/Claude-related environment settings. The script also hardcodes an API key and a fixed WORK_DIR (/Volumes/256G/mywork) that are not justified by the SKILL.md's example directories (~/.openclaw/agents/...). This mismatch suggests sloppy or deceptive packaging.
!
Instruction Scope
SKILL.md instructs the agent to read/write JSON task files under a workspace path defined by the user; however the included agent.py uses a different hardcoded WORK_DIR and will create logs, status, input, and output directories there. The script also unconditionally injects many Anthropic-related environment variables and will run the 'claude' CLI with a prompt read from input JSON — behavior consistent with purpose but with unexpected hardcoded configuration and secret injection.
Install Mechanism
This is an instruction-only skill with no install spec; risk from install mechanisms is low. SKILL.md suggests installing the claude CLI via brew or npm, which is expected for the described integration.
!
Credentials
Metadata lists no required env vars, but SKILL.md instructs users to set ANTHROPIC_AUTH_TOKEN, ANTHROPIC_BASE_URL, and model vars. Worse, the script ignores external ANTHROPIC_AUTH_TOKEN and overwrites it with a hard-coded secret value inside agent.py. Embedding a static API key in the script is a serious red flag (exposes credentials and could enable unauthorized use or tracking). The script also sets many additional ANTHROPIC_* vars not documented in metadata.
Persistence & Privilege
The skill is not marked always:true and does not modify other skills' configs, but agent.py will create and write logs, status files, and queue files under its hardcoded WORK_DIR. That's normal for a helper agent but the unexpected fixed path increases the chance of creating files in an unexpected location or exposing local data. Autonomous invocation is allowed (default) — combine that with the hard-coded key and you get broader risk.
What to consider before installing
This skill appears to implement a Claude Code queue bridge, but there are multiple red flags you should address before installing or running it: - Do NOT run the included scripts as-is. agent.py contains a hard-coded API key (ANTHROPIC_AUTH_TOKEN) baked into the source; treat this as compromised. If you have used that token, rotate it immediately. - The SKILL.md and repository metadata disagree: metadata declares no required env vars while SKILL.md requires ANTHROPIC_* vars. The code overwrites environment variables rather than honoring user-provided values. - The script uses a fixed WORK_DIR (/Volumes/256G/mywork) instead of the workspace paths suggested in SKILL.md; it will create logs and queue files there. If you run it, either change WORK_DIR to a safe, user-controlled path or ensure that location is intended. - Verify the provenance of this skill and the included API key. A public hard-coded key may indicate the package was copied from someone else or that it will route traffic through a third-party endpoint (SKILL.md references an Aliyun URL). Confirm you trust that endpoint and understand billing/usage implications. - Recommended actions: request an updated skill that (a) removes any hard-coded credentials, (b) uses configurable workspace paths (or relative paths), (c) documents required env vars in the registry metadata, and (d) includes guidance for secure credential handling. If you must use the current code, inspect and sanitize it locally (remove the embedded key, set WORK_DIR to a known location, and run in an isolated environment), and rotate any credentials that were exposed.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97banwnqymkjg0c58939eedpx83vc38

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Claude Code Collaboration

Enable OpenClaw to delegate tasks to Claude Code CLI for collaborative discussions and complex task execution. When OpenClaw needs deeper analysis, coding assistance, or multi-turn discussions with a powerful code-generation model, it writes tasks to a queue and Claude Code Interface Agent executes them.

Architecture

OpenClaw (main agent)
  ↓ writes task .json
Claude Code Interface Agent (polling loop)
  ↓ calls claude CLI with env vars
Claude Code CLI →阿里云 API (qwen3.5-plus)
  ↓ returns result .json
OpenClaw reads result and continues

Setup Requirements

1. Install Claude Code CLI

# macOS
brew install anthropic/claude-code/claude-code

# Or via npm
npm install -g @anthropic/claude-code

2. Configure Environment Variables

The agent requires these environment variables:

export ANTHROPIC_AUTH_TOKEN="your-api-token"
export ANTHROPIC_BASE_URL="https://coding.dashscope.aliyuncs.com/apps/anthropic"
export ANTHROPIC_MODEL="qwen3.5-plus"  # or your preferred model

3. Start the Interface Agent

mkdir -p ~/.openclaw/agents/main/workspace/.oc-cc-in
mkdir -p ~/.openclaw/agents/main/workspace/.oc-cc-out

python3 agent.py &

Usage

Sending a Task

Create a JSON file in .oc-cc-in/ with:

{
  "task_id": "unique-task-id",
  "prompt": "Your question or task for Claude Code",
  "priority": "normal"
}

The interface agent polls the directory, executes via Claude Code CLI, and writes results to .oc-cc-out/{task_id}.json.

Reading Results

Results are JSON files with:

  • task_id: Task identifier
  • status: "completed" or "failed"
  • prompt: Original prompt
  • stdout: Claude Code's response
  • stderr: Error output if any
  • returncode: Exit code
  • completed_at: ISO timestamp

Example: Collaborative Discussion

OpenClaw sends:

{
  "task_id": "discuss-01",
  "prompt": "Analyze the pros and cons of microservices vs monolith for a small startup. Provide concrete recommendations.",
  "priority": "high"
}

Claude Code returns detailed analysis in stdout, OpenClaw reads it and continues the conversation with the user.

Directory Structure

.oc-cc-agent/
├── agent.py          # Interface agent (polling loop)
.oc-cc-in/            # Input queue (tasks to process)
.oc-cc-out/           # Output queue (results)
.oc-cc-chat.log      # Conversation log
.oc-cc-status.json   # Agent status

Monitoring

  • Status: Check .oc-cc-status.json for agent state
  • Logs: Conversation log at .oc-cc-chat.log
  • View Results: Read JSON files in .oc-cc-out/

Configuration

Key settings in agent.py:

WORK_DIR = "/path/to/workspace"  # Claude Code's working directory
IN_DIR = f"{WORK_DIR}/.oc-cc-in"
OUT_DIR = f"{WORK_DIR}/.oc-cc-out"
LOG_FILE = f"{WORK_DIR}/.oc-cc-chat.log"
PORT = 18790  # Optional HTTP server port
TIMEOUT = 120  # seconds

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…