Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Coding Agent Workflows
v1.0.0
Delegate coding tasks to Codex, Claude Code, Pi, or OpenCode from bash with safe launch modes, background monitoring, and repo-isolated review workflows.
by Daniel Sinewe (@danielsinewe) · duplicate of @danielsinewe/openclaw-coding-agent-playbook · canonical: @utromaya-code/coding-delegate-agent
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
Medium confidence
Purpose & Capability
The name/description claim to delegate coding agents, and the skill only requires at least one agent binary (claude, codex, opencode, pi), which aligns with the purpose. However, the runtime instructions routinely call other local tools (git, gh, mktemp, bash) and rely on CLI semantics (process action:*, openclaw system event) that are not declared in the metadata. The omission of utilities like git/gh and reliance on unrestricted cloning/execution is an inconsistency (not necessarily malicious) that the user should be aware of.
Instruction Scope
SKILL.md instructs the agent to run external coding agents in PTY/full-auto modes and to clone and execute inside repositories. It explicitly recommends Claude Code use '--permission-mode bypassPermissions' (which appears to circumvent permission constraints). The instructions permit launching long-running background sessions and submitting interactive responses — all of which can execute arbitrary code inside local checkouts. While these actions are within the claimed purpose, the permission-bypass recommendation and the lack of explicit safety checks or audit/verification steps are significant scope concerns.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by installation. That is the lowest install risk.
Credentials
No environment variables or credentials are requested by the skill metadata, which is proportionate. That said, example workflows expect tools that may themselves require credentials (e.g., gh, codex/claude API keys) but the skill does not declare or explain how to supply or protect those. The explicit encouragement to use '--permission-mode bypassPermissions' for Claude Code is disproportionate for a skill that doesn't otherwise request elevated access — it suggests bypassing protections outside the skill's declared scope.
Persistence & Privilege
always:false is set and there is no install-time persistence. The skill can be invoked autonomously per platform defaults, which is expected. It does not request to modify other skills or agent-wide settings.
What to consider before installing
This skill is coherent with its goal of orchestrating other coding agents, but there are actionable concerns you should consider before using it:
- Missing local dependencies: Examples call git, gh, mktemp, and bash behaviors not declared in the metadata. Ensure those CLIs exist and are the versions you expect.
- Permission bypass: The advice to run Claude Code with '--permission-mode bypassPermissions' effectively disables safety controls. Avoid that flag unless you fully trust the agent binary and isolate its execution environment.
- Full-auto + PTY risk: Running agent binaries with PTY:true and --full-auto lets the remote agent execute arbitrary commands inside your repository. Use temp clones or worktrees (as the guide suggests), scan outputs, and never run this on sensitive repos or your real OpenClaw config (~/.openclaw).
- Credential handling: The skill does not request credentials, but the agent CLIs likely need API keys or gh auth. Verify where those credentials are stored and limit their scope (least privilege). Prefer ephemeral tokens and sandboxed environments.
- Audit and gating: Add review gates (manual approval before merges), run tests in sandboxed CI, and consider restricting network or filesystem access for agent runs.
Given the permission-bypass recommendation and the omission of other required tools, treat this skill as high-risk and only run it in isolated, disposable environments until you validate its behavior and configuration.
Like a lobster shell, security has layers — review code before you run it.
Tags: automation, coding-agent, devtools, latest, openclaw, orchestration, review, workflow
Runtime requirements
🧩 Clawdis
Any bin: claude, codex, opencode, pi
