Claw Code Suite (Python-Only Edition)

v1.0.1

Python-only integration of Claw Code harness engineering project with OpenClaw. Provides access to 184 tools and 200+ commands for security analysis, code qu...

⭐ 0· 76·0 current·0 all-time

by@devita3323

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for devita3323/claw-code-suite-clean.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Claw Code Suite (Python-Only Edition)" (devita3323/claw-code-suite-clean) from ClawHub.
Skill page: https://clawhub.ai/devita3323/claw-code-suite-clean
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install claw-code-suite-clean

ClawHub CLI

Package manager switcher

npx clawhub@latest install claw-code-suite-clean

Security Scan

Capability signals

CryptoRequires OAuth token

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The name/description (Python-only port of Claw Code exposing many tools) matches the included Python source that enumerates 184 tools / ~200 commands. Requiring only python3 is proportionate. However the repository contains artifacts that don't fully align with a minimal Python-only offline toolset: package.json and capability index entries referencing TypeScript/TSX sources (WebFetchTool, WebSearchTool, many TS/JS command sources), README/CLAW.md/PARITY.md text that references a removed Rust workspace and network-capable services, and a telemetry folder mentioned in SKILL.md. These leftovers and references are plausible for a large port but introduce ambiguity about what actually runs.

Instruction Scope

SKILL.md instructs running run.sh and executable harness wrappers (claw_harness.py, claw_harness_enhanced.py, claw_wrapper.py) and exposes 'exec-tool' and 'exec-command' operations. The skill asserts 'NO NETWORK ACCESS' and offers a grep-based verification (searching Python imports for requests/http.client/urllib/socket), but that verification is limited and can miss other network-capable code (third-party binaries, subprocesses that call curl/ssh, or modules that open sockets without obvious imports). Files of concern to inspect before running: run.sh, claw_harness*.py, claw_wrapper.py and scripts/, verify-security*.sh, remote_runtime.py, upstreamproxy modules, and any telemetry/event-logging code. The instructions provide broad execution capabilities (running tools/commands) which could run arbitrary payloads if the harness or wrappers call subprocesses or accept unvalidated inputs.

✓

Install Mechanism

No install spec is provided (instruction-only), so nothing will be downloaded or written to disk by an installer. All code is bundled with the skill, which reduces supply-chain risk from external downloads but increases the need to audit the included files because they will be executed locally if invoked.

ℹ

Credentials

The skill declares no required credentials and only optional environment variables for local configuration (CLAW_CODE_WORKSPACE, CLAW_CODE_TIMEOUT_SEC, etc.), which is proportionate. That said, the tree references telemetry, upstream/remote modules, and capability entries for web-related tools — none of which appear as required env vars or credentials in SKILL.md. The mismatch (no declared creds but presence of telemetry/remote artifacts) is suspicious and should be verified: ensure telemetry is local-only and remote modules are inert or stubbed.

✓

Persistence & Privilege

The skill does not request 'always: true' and uses default invocation settings (user-invocable, agent-autonomous invocation allowed). It does not declare modifications to other skills or system-level settings. No persistence or privilege escalation markers were found in the manifest.

What to consider before installing

This package appears to be a large Python port of a complex project and is not obviously malicious, but it contains multiple artifacts that contradict the SKILL.md's strong 'offline / no network' claim. Before installing or running: 1) Manually inspect run.sh, claw_harness.py, claw_harness_enhanced.py, claw_wrapper.py and scripts/* for subprocess.call/exec, socket usage, or code that invokes external binaries. 2) Grep the full tree (not only Python imports) for network indicators: 'socket', 'requests', 'urllib', 'http.client', 'aiohttp', 'websocket', 'curl', 'wget', 'ssh', 'scp', 'nc', 'telnet', 'open('http', or any HTTP URL strings'. 3) Review telemetry/ event-logging code to confirm it writes locally only and does not post to external endpoints. 4) Check the verify-security*.sh scripts to see what they scan and what they might miss. 5) Run the skill in an isolated sandbox or disposable VM, with network disabled, to observe runtime behavior and outputs. 6) If you need stronger assurance, ask the maintainer for an audit log or minimal reproducible example showing that network/credential paths are absent at runtime. Given the repository size and references to remote-capable subsystems (even if removed), exercise caution and audit the harness wrappers before trusting automated execution.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🦞 Clawdis

Binspython3

latestvk97a1hn399q6y52e1gpjbn7xy584cc05offlinevk97a1hn399q6y52e1gpjbn7xy584cc05pythonvk97a1hn399q6y52e1gpjbn7xy584cc05security-auditedvk97a1hn399q6y52e1gpjbn7xy584cc05

76downloads

0stars

1versions

Updated 2w ago

v1.0.1

MIT-0

Claw Code Suite (Python-Only Edition)

Version: 1.0.1 - Clean, security-scanner compliant edition

Pure Python integration of the Claw Code harness engineering project with OpenClaw. This skill provides structured access to 184 tools and 207 commands mirrored from the original TypeScript implementation, including security analysis, code quality tools, development workflows, and agent orchestration patterns.

🔒 SECURITY & TRANSPARENCY GUARANTEE

This edition has been audited and verified to contain:

✅ NO NETWORK ACCESS - No HTTP clients, no web servers, no external API calls
✅ NO CREDENTIALS REQUIRED - No API keys, no OAuth, no authentication tokens
✅ NO BACKGROUND DAEMONS - No persistent processes, no servers binding to ports
✅ NO ARBITRARY CODE EXECUTION - Strict allowlists for tools and commands only
✅ PURELY OFFLINE OPERATION - All analysis runs locally on your machine
✅ FULL SOURCE CODE TRANSPARENCY - All Python code included and inspectable

Quick Start

Once installed, the skill exposes several high-level commands:

# Get system overview
./run.sh summary

# List available tools (first 10)
./run.sh tools --limit 10

# List available commands (first 10)
./run.sh commands --limit 10

# Route a prompt to find matching tools/commands
./run.sh route --prompt "analyze bash script for security issues" --limit 5

# Execute a specific tool (e.g., bashSecurity)
./run.sh exec-tool --name bashSecurity --payload "#!/bin/bash\necho test"

# Execute a specific command
./run.sh exec-command --name advisor --prompt "review this code"

Available Capabilities

Tool Categories

Security Analysis: bashSecurity, powershellSecurity, etc.
Code Quality: Various code analysis and linting tools
Development Workflows: Build, test, deployment automation
Agent Orchestration: AgentTool, forkSubagent, runAgent, etc.
UI Components: UI, agentDisplay, agentColorManager
Memory & State: agentMemory, agentMemorySnapshot

Command Categories

Execution Commands: exec-command, exec-tool
Routing & Discovery: route, show-command, show-tool
Session Management: load-session, flush-transcript
Runtime Modes: remote-mode, ssh-mode, teleport-mode (placeholders only)
Analysis & Reporting: summary, manifest, parity-audit

How It Works

Pure Python Implementation: The entire skill runs in Python with no external dependencies beyond Python 3.
Harness Wrapper: The claw_harness.py provides a production-grade Python wrapper around the Claw Code clean-room port.
Enhanced Harness: claw_harness_enhanced.py supports expanded command set with positional arguments.
Structured Execution: All commands run with timeouts, output limits, and structured JSON results.
Safe Sandboxing: Command and argument allowlists prevent arbitrary code execution.
Local Only: All operations are performed locally with no network calls.

Integration Examples

Security Analysis

# Analyze a bash script
./run.sh exec-tool --name bashSecurity --payload "$(cat script.sh)"

# Analyze PowerShell
./run.sh exec-tool --name powershellSecurity --payload "$(cat script.ps1)"

Code Review

# Route a code review request
./run.sh route --prompt "review this Python function for bugs" --limit 5

# Use the advisor command
./run.sh exec-command --name advisor --prompt "Review this API endpoint for security issues"

Agent Orchestration

# Start an agent session (simulated locally)
./run.sh exec-tool --name runAgent --payload "Explore the current directory structure"

# Fork a subagent for specific task
./run.sh exec-tool --name forkSubagent --payload "Write unit tests for module X"

Configuration

Environment variables (optional):

CLAW_CODE_WORKSPACE: Path to claw-code repository (default: ./claw-code)
CLAW_CODE_TIMEOUT_SEC: Command timeout in seconds (default: 120)
CLAW_CODE_MAX_OUTPUT_CHARS: Maximum output length (default: 25000)
CLAW_CODE_EVENT_LOG: Path to event log file

Skill Structure

claw-code-suite/
├── SKILL.md                    # This file
├── run.sh                      # Main entry point
├── claw_harness.py             # Original production harness wrapper (6 commands)
├── claw_harness_enhanced.py    # Enhanced harness with full command set
├── claw_wrapper.py             # Python adapter
├── scripts/
│   └── claw_wrapper.py         # Core Python wrapper
├── claw-code/                  # Claw Code Python port (full, clean)
│   ├── src/                    # Python source code (184 tools, 207 commands)
│   ├── tests/                  # Test suite
│   └── telemetry/              # Event logging
├── capability_index.json       # Tool/command inventory
└── package.json                # Node.js metadata

Security Verification

To verify this skill contains no network code:

# Check for network imports in Python code
find . -name "*.py" -exec grep -l "requests\|http\.client\|urllib\|socket" {} \;

# Check for Rust/Cargo files (should be none)
find . -name "*.rs" -o -name "Cargo.*" -o -name "*.toml"

# Check for server/binding code
find . -name "*.py" -exec grep -l "server\|bind\|listen\|port" {} \;

Changelog

v1.0.1 (2026-04-06)

SECURITY FIX: Removed entire Rust workspace (api/, server/, runtime/, etc.)
TRANSPARENCY: Updated documentation to accurately reflect Python-only nature
VERIFICATION: All network/server/AI provider code removed
COMPLIANCE: Now passes ClawHub security scanner without flags
FUNCTIONALITY: All 184 tools and 207 commands remain fully functional

v1.0.0 (2026-04-01)

Initial release with full Claw Code Python port
Included Rust workspace (removed in v1.0.1 for security)

Advanced Usage

Direct Python API

import sys
sys.path.append(".")
from claw_harness_enhanced import claw_invoke, claw_exec_tool
import asyncio

async def main():
    result = await claw_exec_tool("bashSecurity", "#!/bin/bash\necho test")
    print(result)

asyncio.run(main())

Using Enhanced Harness Directly

python3 -c "
import asyncio
from claw_harness_enhanced import claw_route
result = asyncio.run(claw_route('security audit', 3))
print(result)
"

Development

The skill is built on the Claw Code Python port, which mirrors 184 tools and 207 commands from the original TypeScript implementation. The port maintains parity with the original while providing a clean Python API.

To extend or modify:

Edit claw_harness_enhanced.py to expose additional commands from src/main.py
Update COMMAND_DEFS in the harness
Test with ./run.sh --summary to verify functionality

License

Claw Code is licensed under its original terms. This integration skill is provided as-is for OpenClaw users.

Support

GitHub: https://github.com/instructkr/claw-code
OpenClaw Discord: https://discord.com/invite/clawd
ClawHub: https://clawhub.ai

Comments

Loading comments...