Preqstation
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill is coherent for delegating coding work, but it explicitly allows sandbox/approval-bypass style CLI execution and background coding agents, so users should review it before use.
Install only if you want OpenClaw to delegate coding work to local Claude, Codex, or Gemini CLIs. Before use, verify the mapped project path, prefer sandboxed execution when possible, monitor background sessions, and review all worktree diffs before merging.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A delegated coding agent could run commands or change files with fewer safeguards than expected, even though the skill tries to keep work inside a git worktree.
The skill instructs the agent to use flags that may bypass normal sandboxing or approval safeguards for coding-agent execution.
Use `dangerously-*` / sandbox-disable flags only for actual coding execution with local trusted CLIs.
Use only with trusted repositories and trusted CLI installations. Prefer sandboxed modes where possible, and require explicit user confirmation before any dangerous or sandbox-disabling flag is used.
Installing and invoking this skill can cause Claude Code, Codex CLI, or Gemini CLI to execute coding tasks locally.
The skill is designed to launch local coding CLI processes, which is expected for its purpose but still means it performs local command execution.
create a per-task git worktree and use it as execution `<cwd>`; launch engine commands with `pty:true` and explicit `workdir:<cwd>`
Review the chosen worktree, inspect diffs before merging, and avoid using this on sensitive repositories unless you trust the selected CLI and its configuration.
A coding task may continue running in the background after the initial response, consuming resources or continuing to modify the worktree.
The skill intentionally starts long-running background coding sessions by default, though it also documents polling, logging, and kill controls.
Launch coding agents with `background:true` by default. Use foreground only when user explicitly asks for blocking/synchronous execution.
Monitor background sessions with the documented process controls and explicitly request foreground execution for sensitive tasks.
Wrong, stale, or overly broad path mappings could send future coding tasks to the wrong repository, and absolute paths may reveal local workspace structure if shared.
The skill persists workspace path mappings that can affect where future coding agents are launched.
This skill reads and updates `MEMORY.md` project mappings with absolute paths.
Keep MEMORY.md mappings minimal and review them before running tasks; only store intended project checkouts.
The package appears instruction-only, but version mismatch can make provenance and review tracking less clear.
The submitted registry metadata lists version 0.1.8, while the packaged _meta.json lists 0.1.5, indicating metadata drift.
"version": "0.1.5"
Verify the intended repository and package version before relying on this skill in a sensitive workflow.