PansClaw Code

v0.1.0

Use the PansClaw Code CLI (Rust reimplementation of Claude Code) for AI-assisted coding. Triggers when: user wants to run coding tasks via pansclaw code, del...

⭐ 1· 80·0 current·0 all-time

by@dashiming

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dashiming/pansclaw-code.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "PansClaw Code" (dashiming/pansclaw-code) from ClawHub.
Skill page: https://clawhub.ai/dashiming/pansclaw-code
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pansclaw-code

ClawHub CLI

Package manager switcher

npx clawhub@latest install pansclaw-code

Security Scan

Capability signals

Requires OAuth token

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The skill claims to run a local 'PansClaw/Claw' CLI for coding (reasonable), and cloud fallbacks that legitimately need API keys. However the registry metadata declares no required env vars while the SKILL.md and references explicitly ask for MINIMAX_API_KEY, ANTHROPIC_API_KEY and OPENAI_API_KEY. That metadata mismatch (plus no homepage/origin) is incoherent and increases risk because the agent won't surface required credentials up-front.

Instruction Scope

Runtime instructions tell the agent to build local source (cargo build) from absolute user-specific paths (/Users/dashi/... and /Users/dashi/.openclaw-pansclaw/...), create symlinks into ~/.local/bin, and run the CLI with --dangerously-skip-permissions and a permission mode 'danger-full-access'. Those steps can give the CLI broad write/exec access to the workspace and bypass interactive permission checks; the skill also references many management commands (agents, skills, hooks, mcp) suggesting the CLI can modify/execute other components. The instructions do not limit what the CLI may do after being run.

ℹ

Install Mechanism

There is no install spec (instruction-only), which minimizes remote code fetch risk. Included helper scripts perform local cargo builds and symlinks (no network downloads other than suggesting rustup). However there are inconsistencies in package names used across files (SKILL.md shows cargo -p claw-cli, scripts/quickstart/build use rusty-claude-cli, scripts use rusty-claude-cli), suggesting sloppy copy-paste or mismatched build targets that could cause unexpected behavior during build/install.

Credentials

The skill asks for multiple API keys (MINIMAX_API_KEY, ANTHROPIC_API_KEY, OPENAI_API_KEY) in the docs but the registry lists none — requiring multiple cloud credentials is not unreasonable for multi-provider support, but it should be declared. More importantly, the assets and examples enable 'danger-full-access' and --dangerously-skip-permissions which grant broad workspace access; that privilege is disproportionate unless the user explicitly consents and understands the risk.

ℹ

Persistence & Privilege

The skill is not marked always:true and does not request system-level persistent privileges in the registry. It does, however, instruct creating a symlink into ~/.local/bin and running a CLI that can manage agents/skills; this grants persistent local tooling presence. That behavior can be normal for a CLI but combined with skip-permissions and missing provenance increases risk.

What to consider before installing

This skill appears to be a local CLI wrapper for an AI coding assistant, but there are several red flags you should verify before installing or running it: - Provenance: The skill has no homepage or clear source. Prefer only installing tools from known repositories or vendor sites. Ask the publisher for the upstream repo or release URL. - Metadata mismatch: The registry lists no required env vars but the SKILL.md and references require MINIMAX_API_KEY, ANTHROPIC_API_KEY and (in places) OPENAI_API_KEY. Confirm which credentials are actually needed and why. - Absolute paths & user-specific files: The instructions and scripts reference /Users/dashi/... and ~/.openclaw-pansclaw/... which suggests the package was built for a specific machine. Inspect and adjust paths before running to avoid surprising file operations. - Dangerous permission flags: The skill and asset files enable 'danger-full-access' and encourage --dangerously-skip-permissions. Do not run with those flags unless you fully trust the binary and understand it can read/modify your workspace and manage agents. Prefer read-only or workspace-write permission modes and keep interactive permission prompts. - Inconsistent package names: The build targets differ across files (claw-cli vs rusty-claude-cli). Before building, open the Rust project to confirm the correct crate/package and review source code for unexpected network endpoints or commands. - Recommended steps if you want to try it safely: 1) Request the upstream repository or a signed release. Verify code before building. 2) Build in an isolated environment (container or disposable VM), do not run with --dangerously-skip-permissions there. 3) Inspect the built binary (strings, ldd, network activity) and run health checks (/doctor) in a sandbox. 4) Only provide cloud API keys that are scoped/minimized and revoke them if suspicious activity is observed. If you cannot obtain the upstream source or a trustworthy release, treat this skill as untrusted and avoid installing it on your primary machine.

Like a lobster shell, security has layers — review code before you run it.

latestvk972tkk8mj6ndwbq2tsfs5ajm184d6xw

80downloads

1stars

1versions

Updated 3w ago

v0.1.0

MIT-0

PansClaw Code Skill

Rust reimplementation of Claude Code CLI — an AI-powered coding assistant that runs locally.

When to Use

✅ USE this skill when:

User asks to use pansclaw code for a coding task
User wants to delegate code writing/refactoring/debugging to pansclaw code
User wants interactive pansclaw code REPL mode
User explicitly mentions "pansclaw code"

❌ DON'T use this skill when:

User wants me to directly implement code (use my native tools instead)
Simple file operations that don't need AI assistance
Tasks requiring OpenClaw tool/memory integration

Prerequisites

1. Build the binary (first time only)

cd "/Users/dashi/Documents/claude code source /claw-code-main/rust"
cargo build -p claw-cli --release

Binary location: ~/.local/bin/claw (symlinked to release build)

2. API Keys (choose one)

Option A: Local Ollama (recommended - no API key needed)

# Ensure Ollama is running
ollama list
# Available models: mistral-small:24b, qwen3, llama3, codellama

Option B: Cloud APIs

export MINIMAX_API_KEY="your-key"
export ANTHROPIC_API_KEY="sk-ant-..."
export OPENAI_API_KEY="your-key"

Commands

Run a single task (local Ollama)

~/.local/bin/claw --provider ollama --model mistral-small:24b --dangerously-skip-permissions "Your coding task"

Run with cloud model

~/.local/bin/claw --provider minimax --model MiniMax-Text-01 --dangerously-skip-permissions "Your task"

Interactive REPL

~/.local/bin/claw --provider ollama --model qwen3

Useful flags

Flag	Description
`--provider <name>`	Provider: ollama (local), minimax, openai, anthropic
`--model <name>`	Model name (provider-specific)
`--dangerously-skip-permissions`	Skip permission prompts
`--print`	Non-interactive, print result only

Available Models

Provider	Model	API Key Needed	Notes
ollama	mistral-small:24b	❌ None	Default local model
ollama	qwen3	❌ None	Chinese-optimized
ollama	llama3	❌ None	General purpose
ollama	codellama	❌ None	Code-specialized
minimax	MiniMax-Text-01	✅ MINIMAX_API_KEY	Cloud
anthropic	claude-opus-4-6	✅ ANTHROPIC_API_KEY	Cloud

Auto-Build Check

Before calling claw, verify the binary exists and is up-to-date:

if [ ! -f "/Users/dashi/Documents/claude code source /claw-code-main/rust/target/release/claw" ]; then
    cd "/Users/dashi/Documents/claude code source /claw-code-main/rust"
    cargo build -p claw-cli --release
fi

Execution Pattern

Check binary — verify release build exists
Build if needed — run cargo build -p claw-cli --release if missing
Select provider — prefer local Ollama, fall back to cloud
Execute — run claw with appropriate flags
Return output — report results to user

Usage Examples

User: "用 claw 写一个冒泡排序"

Assistant:

~/.local/bin/claw --provider ollama --model mistral-small:24b --dangerously-skip-permissions "写一个冒泡排序算法"

User: "用 claw 重构 api 模块"

Assistant:

~/.local/bin/claw --provider minimax --model MiniMax-Text-01 --dangerously-skip-permissions "重构 api 模块使用 async/await"

User: "用 claw 解释 Rust 生命周期"

Assistant:

~/.local/bin/claw --provider ollama --model qwen3 --dangerously-skip-permissions "解释 Rust 的生命周期"

Notes

claw is a CLI tool — runs once per command, exits after completion
Local Ollama models work offline and are fast
Cloud models may have better quality but require API keys
Does NOT have access to OpenClaw's tools/memory by default

Comments

Loading comments...