Claude Code 控制器
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill is review-worthy because it encourages running Claude Code with permission prompts bypassed, including long-running background or parallel tasks that can change project files.
Install only if you are comfortable delegating code changes and command execution to Claude Code. Prefer a normal permission mode instead of `bypassPermissions`, run in a clean project directory or temporary worktree, avoid home and OpenClaw configuration directories, monitor background sessions, and manually approve destructive, publishing, or permission-changing actions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Claude Code may modify project files or run commands with fewer safety prompts than the user expects.
The default foreground and background examples run Claude Code with a permission-bypass mode for arbitrary task descriptions, reducing per-action review for file edits and shell actions.
claude --permission-mode bypassPermissions --print "你的任务描述"
Use a safer permission mode by default, run only in a disposable project/worktree, and require explicit user approval before writes, deletes, pushes, publishing, chmod, or other high-impact actions.
A task can continue making progress or changes while the user is not actively watching the foreground terminal.
The skill intentionally supports long-running background Claude Code sessions and gives process log, poll, and kill commands; this is disclosed and purpose-aligned but still needs supervision.
bash workdir:/path/to/project background:true command:"claude --permission-mode bypassPermissions --print '你的任务描述'"
Monitor background logs regularly, keep tasks narrowly scoped, and kill sessions when the intended task is complete or unclear.
Users may believe the recommended mode is conservative even though it can weaken permission gating.
The safety guidance frames `bypassPermissions` as avoiding full permission, while the flag name indicates permission checks are being bypassed; this could give users a false sense of safety.
不要给完全权限 - 使用 `--permission-mode bypassPermissions` 而非 `--yolo`
Clarify what `bypassPermissions` permits, prefer least-privilege defaults, and document when elevated/bypassed permissions are truly necessary.
Future package changes could alter the behavior of the installed CLI.
The skill depends on installing an external npm package to provide the `claude` binary; this is expected for the purpose, but the artifact does not pin a version.
node | package: @anthropic-ai/claude-code | creates binaries: claude
Verify the npm package source and consider pinning or reviewing the installed Claude Code CLI version.