Coding Cli Management
Manage and execute AI coding CLI tools on behalf of Workers by running their coding prompts in the Worker’s workspace and returning results.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 77 · 1 current installs · 1 all-time installs
byMonty@montycn
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description match the code: the scripts detect installed coding CLIs and run them against a Worker workspace. However the skill does not declare several runtime requirements it clearly uses (mc, jq, timeout, claude/gemini/qodercli binaries) nor any config path requirements, even though it reads/writes ~/coding-cli-config.json and expects ~/.claude, ~/.gemini, ~/.qoder. This mismatch between claimed requirements and actual needs is unexpected.
Instruction Scope
SKILL.md instructs the Manager to mirror workspaces from MinIO, create processing markers, save prompts, invoke the CLIs inside the workspace, and push changes back to MinIO. It also expects the Manager to contact an admin via a primary channel for enabling CLI mode. The instructions reference many system paths and other skill scripts (/opt/hiclaw/agent/skills/...), and guidance references checking CLI credential directories (e.g. ~/.{cli}) and host-shared config. These are within the apparent purpose but broaden the agent's access surface (host config, workspaces, storage) and the admin interaction is underspecified.
Install Mechanism
Instruction-only skill with included shell scripts; no external downloads or install steps. The code files are bundled with the skill, so nothing will be fetched from arbitrary URLs at install time.
Credentials
The skill declares no required env vars or config paths, yet it expects access to home config dirs (e.g. ~/.claude, ~/.gemini, ~/.qoder), MinIO via `mc`, and other agent skill scripts. Access to CLI credential directories and the ability to mirror/push workspaces to MinIO are powerful capabilities; these should be declared and justified. The skill may therefore gain access to tokens or credentials present in those locations without the registry metadata reflecting that requirement.
Persistence & Privilege
always is false and the skill writes only its own config at ~/coding-cli-config.json. It does not request permanent platform-level privileges. It will, however, operate autonomously when invoked (normal).
What to consider before installing
What to consider before installing:
- This skill will run local AI coding CLIs (claude/gemini/qodercli) inside task workspaces and then push changes back to MinIO. That means it will read and modify your project files and requires working MinIO/`mc` access.
- The package metadata does not list required binaries (mc, jq, timeout, the CLI binaries) or config paths (e.g. ~/.claude). Ask the publisher to declare these explicitly before installing.
- The scripts look for and may use CLI config directories (~/.claude, ~/.gemini, ~/.qoder). If those directories contain tokens or credentials, the skill could access them. Ensure those credentials are scoped minimally or not present if you do not trust the skill.
- The run script uses flags like --dangerously-skip-permissions and --yolo (tool-specific) which indicate the CLI will run with permissive behavior; review what those flags do for each CLI and whether that is acceptable.
- Confirm the admin consent flow: SKILL.md says the Manager will message an admin to enable CLI delegation, but the mechanism is underspecified. Verify that human approval is enforced and logged.
- Mitigations: sandbox the skill (limit access to only intended workspaces), provide dedicated low-privilege CLI credentials/configs, back up repositories before enabling automatic pushes, and require human review of diffs produced by the CLI before allowing automatic pushes to production branches.
If you cannot confirm the above or cannot restrict host/config access, treat this skill with caution or request a revised version that declares dependencies and minimizes direct access to host credentials.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Coding CLI Management
This skill enables the Manager to execute AI coding CLI tools (claude/gemini/qodercli) on behalf of Workers. Workers generate precise prompts; the Manager runs the CLI in the Worker's workspace and returns the result.
Config File
Path: ~/coding-cli-config.json
{
"enabled": true,
"cli": "claude",
"confirmed_at": "2026-02-23T10:00:00Z"
}
enabled | cli | Meaning |
|---|---|---|
false | any | Admin declined; use normal task flow |
true | "claude" / "gemini" / "qodercli" | Active — use this CLI |
Step 1: First-Time Detection (before assigning a coding task)
Run when ~/coding-cli-config.json does not exist:
bash /opt/hiclaw/agent/skills/coding-cli-management/scripts/detect-available-cli.sh
If no CLIs are available (available array is empty):
echo '{"enabled":false,"cli":null,"confirmed_at":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'"}' \
> ~/coding-cli-config.json
Proceed with normal task assignment (Worker codes on their own).
If CLIs are available, ask the admin via the primary channel or Matrix DM — in the language the admin used:
I found the following AI coding CLI tools available: [list]. Would you like to enable CLI delegation mode? Workers will generate coding prompts, and I'll use the CLI tool to make the code changes. Reply with the tool name (claude/gemini/qodercli) to enable, or 'no' to have workers code on their own.
On admin reply:
- Tool name (
claude/gemini/qodercli):echo '{"enabled":true,"cli":"<chosen-tool>","confirmed_at":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'"}' \ > ~/coding-cli-config.json "no"or decline:echo '{"enabled":false,"cli":null,"confirmed_at":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'"}' \ > ~/coding-cli-config.json
Step 2: Assigning a Coding Task (CLI mode enabled)
When coding-cli-config.json has enabled: true:
-
Ensure the Worker has the
coding-cliskill. Checkworkers-registry.json:cat ~/hiclaw-fs/agents/manager/workers-registry.json | jq '.workers[] | select(.name=="<worker>") | .skills'If
coding-cliis missing, distribute it:bash /opt/hiclaw/agent/skills/worker-management/scripts/push-worker-skills.sh \ --worker <worker-name> --skill coding-cli -
Add a "Coding CLI Mode" section to spec.md (see template below).
Step 3: Handling a coding-request: Message
When a Worker sends a message containing coding-request: (in their Worker Room or a Project Room):
Parse the message:
task-{task-id} coding-request:
workspace: ~/hiclaw-fs/shared/tasks/{task-id}/workspace
---PROMPT---
{prompt content}
---END---
Execute:
# 1. Sync workspace from MinIO
task_id="task-YYYYMMDD-HHMMSS"
workspace="/root/hiclaw-fs/shared/tasks/${task_id}/workspace"
mc mirror "hiclaw/hiclaw-storage/shared/tasks/${task_id}/" "/root/hiclaw-fs/shared/tasks/${task_id}/"
# 2. Check for processing marker (task coordination)
bash /opt/hiclaw/agent/skills/task-coordination/scripts/check-processing-marker.sh "$task_id"
if [ $? -ne 0 ]; then
# Another process is working on this task
echo "Task ${task_id} is being processed by another operation. Retry later."
exit 1
fi
# 3. Create processing marker
bash /opt/hiclaw/agent/skills/task-coordination/scripts/create-processing-marker.sh "$task_id" "manager" 15
# 4. Save prompt to file
timestamp=$(date +%Y%m%d-%H%M%S)
prompt_dir="/root/hiclaw-fs/shared/tasks/${task_id}/coding-prompts"
mkdir -p "$prompt_dir"
prompt_file="$prompt_dir/${timestamp}.txt"
cat > "$prompt_file" << 'PROMPT_EOF'
{extracted prompt content}
PROMPT_EOF
# 5. Get configured CLI
cli=$(jq -r '.cli' ~/coding-cli-config.json)
# 6. Run CLI
bash /opt/hiclaw/agent/skills/coding-cli-management/scripts/run-coding-cli.sh \
--cli "$cli" \
--workspace "$workspace" \
--prompt-file "$prompt_file" \
--timeout 600
exit_code=$?
# 7. Remove processing marker
bash /opt/hiclaw/agent/skills/task-coordination/scripts/remove-processing-marker.sh "$task_id"
# 8. On success (exit 0): push changes to MinIO
if [ "$exit_code" -eq 0 ]; then
mc mirror "/root/hiclaw-fs/shared/tasks/${task_id}/workspace/" "hiclaw/hiclaw-storage/shared/tasks/${task_id}/workspace/" --overwrite
fi
On success — send to Worker in the same Room:
@{worker}:DOMAIN task-{task-id} coding-result:
CLI 工具已完成编码。请同步工作目录并 review 变更:
bash /opt/hiclaw/agent/skills/file-sync/scripts/hiclaw-sync.sh
变更记录:~/hiclaw-fs/shared/tasks/{task-id}/workspace/coding-cli-logs/
On failure (exit ≠ 0 or timeout) — see Step 4.
Step 4: Handling Failure
Notify Worker in the task Room:
@{worker}:DOMAIN task-{task-id} coding-failed:
CLI 工具执行失败(exit code: {code})。请自行完成编码任务。
你生成的提示词已保存于:~/hiclaw-fs/shared/tasks/{task-id}/coding-prompts/
Notify Human Admin via escalate-to-admin.sh or primary channel:
Worker {worker-name} 的编码委托任务 {task-id} 中,{cli} 工具执行失败。
错误信息:{last lines from log file}
建议检查:
- ~/.{cli}/ 凭证是否有效(token 是否过期)
- /host-share/.{cli}/ 软链是否正常(ls -la /root/.{cli})
- {cli} binary 是否在容器内可用(which {cli})
Record in config (optional, for heartbeat diagnostics):
jq --arg ts "$(date -u +%Y-%m-%dT%H:%M:%SZ)" --arg tid "$task_id" \
'.last_failure = {task_id: $tid, failed_at: $ts}' \
~/coding-cli-config.json > /tmp/cfg.json && \
mv /tmp/cfg.json ~/coding-cli-config.json
Spec.md Coding CLI Mode Template
Append to the end of spec.md when CLI mode is enabled:
## Coding CLI Mode
本任务涉及代码修改。请使用 **Coding CLI 委托模式** 完成:
1. 克隆/准备代码到工作目录:`~/hiclaw-fs/shared/tasks/{task-id}/workspace/`
2. 推送到 MinIO:`mc mirror ~/hiclaw-fs/shared/tasks/{task-id}/workspace/ hiclaw/hiclaw-storage/shared/tasks/{task-id}/workspace/`
3. 根据你的理解和 `coding-cli` skill 生成编码提示词,发送给我
4. 等待我执行 CLI 工具并返回结果
5. Sync 拉取变更:`bash /opt/hiclaw/agent/skills/file-sync/scripts/hiclaw-sync.sh`
6. Review 变更并报告完成
如收到 `coding-failed:`,请自行完成编码工作。
Files
4 totalSelect a file
Select a file to preview.
Comments
Loading comments…