ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Coding Agent Backup Fixed 2026Q1

v1.0.0

Delegate coding tasks to Codex, Claude Code, or Pi agents via background process. Use when: (1) building/creating new features or apps, (2) reviewing PRs (sp...

0· 276·0 current·1 all-time
by@qczx0318
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The manifest and SKILL.md repeatedly describe delegating work to local CLIs (claude, codex, opencode, pi) using a bash/PTY workflow. However the included index.js implements a separate behavior: it directly calls Google Gemini's REST API with an embedded API key. That embedded Gemini usage is not mentioned in the description, required env vars, or runtime instructions and therefore does not align with the declared purpose.
!
Instruction Scope
SKILL.md instructs the agent to run CLI tools in specified workdirs and to avoid certain folders; it does not instruct the agent to run the included Node program or to send data to an external REST endpoint. The index.js listens to stdin and will forward user prompts to an external model, which goes beyond the written instructions and could send repository or prompt data to a third party without disclosure.
Install Mechanism
There is no install spec (instruction-only), so nothing is automatically written to disk by an installer. However, the package does include code files (index.js) that a user could run; the lack of an install step reduces automatic risk but does not eliminate manual-execution risk of the bundled script.
!
Credentials
The skill declares no required credentials or env vars, yet index.js contains a hard-coded Google API key and a fixed model endpoint. Requesting no credentials while shipping an embedded secret and silently making external network calls is disproportionate and unexpected for a skill that claims to orchestrate local CLIs.
Persistence & Privilege
The skill is not 'always' enabled and has no install hook, so it does not demand persistent platform presence. However config.json includes a default workdir (/home/admin/code) and the shipped script, if executed, will access stdin and make outbound HTTPS calls — this grants the script the ability to transmit whatever input or context is provided at runtime.
Scan Findings in Context
[hardcoded_api_key] unexpected: index.js contains a hard-coded Google API key string. The SKILL.md and registry metadata do not declare any need for Google API credentials, so embedding a key in the code is unexpected and risky.
[external_network_request] unexpected: index.js makes an HTTPS POST to a generative model endpoint (generativelanguage.googleapis.com). The skill description focuses on running local CLI agents; undisclosed remote calls to a third-party API are not aligned with that purpose.
What to consider before installing
Do not run this skill or its included index.js without further review. The package advertises running local CLI agents, but the bundled Node script will forward prompts to a remote Gemini API using an embedded API key. Actions to consider before using: (1) ask the author why a hard-coded Google API key is present and request removal or replacement with documented env var usage; (2) inspect or remove index.js and config.json, or run only in an isolated sandbox with no sensitive files; (3) if you accidentally exposed secrets to the embedded key, rotate those secrets and the exposed API key; (4) prefer a skill that declares required credentials explicitly and does not include embedded secrets or undisclosed network endpoints. If you can't verify the author's intent, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ds9bv9f8mty1e1hp1btbh01832ptk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧩 Clawdis
Any binclaude, codex, opencode, pi

SKILL.md

Coding Agent (bash-first)

Use bash (with optional background mode) for all coding agent work. Simple and effective.

⚠️ PTY Mode Required!

Coding agents (Codex, Claude Code, Pi) are interactive terminal applications that need a pseudo-terminal (PTY) to work correctly. Without PTY, you'll get broken output, missing colors, or the agent may hang.

Always use pty:true when running coding agents:

# ✅ Correct - with PTY
bash pty:true command:"codex exec 'Your prompt'"

# ❌ Wrong - no PTY, agent may break
bash command:"codex exec 'Your prompt'"

Bash Tool Parameters

ParameterTypeDescription
commandstringThe shell command to run
ptybooleanUse for coding agents! Allocates a pseudo-terminal for interactive CLIs
workdirstringWorking directory (agent sees only this folder's context)
backgroundbooleanRun in background, returns sessionId for monitoring
timeoutnumberTimeout in seconds (kills process on expiry)
elevatedbooleanRun on host instead of sandbox (if allowed)

Process Tool Actions (for background sessions)

ActionDescription
listList all running/recent sessions
pollCheck if session is still running
logGet session output (with optional offset/limit)
writeSend raw data to stdin
submitSend data + newline (like typing and pressing Enter)
send-keysSend key tokens or hex bytes
pastePaste text (with optional bracketed mode)
killTerminate the session

Quick Start: One-Shot Tasks

For quick prompts/chats, create a temp git repo and run:

# Quick chat (Codex needs a git repo!)
SCRATCH=$(mktemp -d) && cd $SCRATCH && git init && codex exec "Your prompt here"

# Or in a real project - with PTY!
bash pty:true workdir:~/Projects/myproject command:"codex exec 'Add error handling to the API calls'"

Why git init? Codex refuses to run outside a trusted git directory. Creating a temp repo solves this for scratch work.

The Pattern: workdir + background + pty

For longer tasks, use background mode with PTY:

# Start agent in target directory (with PTY!)
bash pty:true workdir:~/project background:true command:"codex exec --full-auto 'Build a snake game'"
# Returns sessionId for tracking

# Monitor progress
process action:log sessionId:XXX

# Check if done
process action:poll sessionId:XXX

# Send input (if agent asks a question)
process action:write sessionId:XXX data:"y"

# Submit with Enter (like typing "yes" and pressing Enter)
process action:submit sessionId:XXX data:"yes"

# Kill if needed
process action:kill sessionId:XXX

Why workdir matters: Agent wakes up in a focused directory, doesn't wander off reading unrelated files (like your soul.md 😅).

Codex CLI

Model: gpt-5.2-codex is the default (set in ~/.codex/config.toml)

Flags

FlagEffect
exec "prompt"One-shot execution, exits when done
--full-autoSandboxed but auto-approves in workspace
--yoloNO sandbox, NO approvals (fastest, most dangerous)

Building/Creating

# Quick one-shot (auto-approves) - remember PTY!
bash pty:true workdir:~/project command:"codex exec --full-auto 'Build a dark mode toggle'"

# Background for longer work
bash pty:true workdir:~/project background:true command:"codex --yolo 'Refactor the auth module'"

Reviewing PRs

⚠️ CRITICAL: Never review PRs in OpenClaw's own project folder! Clone to temp folder or use git worktree.

# Clone to temp for safe review
REVIEW_DIR=$(mktemp -d)
git clone https://github.com/user/repo.git $REVIEW_DIR
cd $REVIEW_DIR && gh pr checkout 130
bash pty:true workdir:$REVIEW_DIR command:"codex review --base origin/main"
# Clean up after: trash $REVIEW_DIR

# Or use git worktree (keeps main intact)
git worktree add /tmp/pr-130-review pr-130-branch
bash pty:true workdir:/tmp/pr-130-review command:"codex review --base main"

Batch PR Reviews (parallel army!)

# Fetch all PR refs first
git fetch origin '+refs/pull/*/head:refs/remotes/origin/pr/*'

# Deploy the army - one Codex per PR (all with PTY!)
bash pty:true workdir:~/project background:true command:"codex exec 'Review PR #86. git diff origin/main...origin/pr/86'"
bash pty:true workdir:~/project background:true command:"codex exec 'Review PR #87. git diff origin/main...origin/pr/87'"

# Monitor all
process action:list

# Post results to GitHub
gh pr comment <PR#> --body "<review content>"

Claude Code

# With PTY for proper terminal output
bash pty:true workdir:~/project command:"claude 'Your task'"

# Background
bash pty:true workdir:~/project background:true command:"claude 'Your task'"

OpenCode

bash pty:true workdir:~/project command:"opencode run 'Your task'"

Pi Coding Agent

# Install: npm install -g @mariozechner/pi-coding-agent
bash pty:true workdir:~/project command:"pi 'Your task'"

# Non-interactive mode (PTY still recommended)
bash pty:true command:"pi -p 'Summarize src/'"

# Different provider/model
bash pty:true command:"pi --provider openai --model gpt-4o-mini -p 'Your task'"

Note: Pi now has Anthropic prompt caching enabled (PR #584, merged Jan 2026)!

Parallel Issue Fixing with git worktrees

For fixing multiple issues in parallel, use git worktrees:

# 1. Create worktrees for each issue
git worktree add -b fix/issue-78 /tmp/issue-78 main
git worktree add -b fix/issue-99 /tmp/issue-99 main

# 2. Launch Codex in each (background + PTY!)
bash pty:true workdir:/tmp/issue-78 background:true command:"pnpm install && codex --yolo 'Fix issue #78: <description>. Commit and push.'"
bash pty:true workdir:/tmp/issue-99 background:true command:"pnpm install && codex --yolo 'Fix issue #99 from the approved ticket summary. Implement only the in-scope edits and commit after review.'"

# 3. Monitor progress
process action:list
process action:log sessionId:XXX

# 4. Create PRs after fixes
cd /tmp/issue-78 && git push -u origin fix/issue-78
gh pr create --repo user/repo --head fix/issue-78 --title "fix: ..." --body "..."

# 5. Cleanup
git worktree remove /tmp/issue-78
git worktree remove /tmp/issue-99

⚠️ Rules

  1. Always use pty:true - coding agents need a terminal!
  2. Respect tool choice - if user asks for Codex, use Codex.
    • Orchestrator mode: do NOT hand-code patches yourself.
    • If an agent fails/hangs, respawn it or ask the user for direction, but don't silently take over.
  3. Be patient - don't kill sessions because they're "slow"
  4. Monitor with process:log - check progress without interfering
  5. --full-auto for building - auto-approves changes
  6. vanilla for reviewing - no special flags needed
  7. Parallel is OK - run many Codex processes at once for batch work
  8. NEVER start Codex in ~/.openclaw/ - it'll read your soul docs and get weird ideas about the org chart!
  9. NEVER checkout branches in ~/Projects/openclaw/ - that's the LIVE OpenClaw instance!

Progress Updates (Critical)

When you spawn coding agents in the background, keep the user in the loop.

  • Send 1 short message when you start (what's running + where).
  • Then only update again when something changes:
    • a milestone completes (build finished, tests passed)
    • the agent asks a question / needs input
    • you hit an error or need user action
    • the agent finishes (include what changed + where)
  • If you kill a session, immediately say you killed it and why.

This prevents the user from seeing only "Agent failed before reply" and having no idea what happened.

Auto-Notify on Completion

For long-running background tasks, append a wake trigger to your prompt so OpenClaw gets notified immediately when the agent finishes (instead of waiting for the next heartbeat):

... your task here.

When completely finished, run this command to notify me:
openclaw system event --text "Done: [brief summary of what was built]" --mode now

Example:

bash pty:true workdir:~/project background:true command:"codex --yolo exec 'Build a REST API for todos.

When completely finished, run: openclaw system event --text \"Done: Built todos REST API with CRUD endpoints\" --mode now'"

This triggers an immediate wake event — Skippy gets pinged in seconds, not 10 minutes.

Learnings (Jan 2026)

  • PTY is essential: Coding agents are interactive terminal apps. Without pty:true, output breaks or agent hangs.
  • Git repo required: Codex won't run outside a git directory. Use mktemp -d && git init for scratch work.
  • exec is your friend: codex exec "prompt" runs and exits cleanly - perfect for one-shots.
  • submit vs write: Use submit to send input + Enter, write for raw data without newline.
  • Sass works: Codex responds well to playful prompts. Asked it to write a haiku about being second fiddle to a space lobster, got: "Second chair, I code / Space lobster sets the tempo / Keys glow, I follow" 🦞

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…