Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
coding-agent
v1.0.0Delegate coding tasks to Codex, Claude Code, or Pi agents via background process. Use when: (1) building/creating new features or apps, (2) reviewing PRs (sp...
⭐ 0· 273·1 current·1 all-time
byShiwen Han@tshogx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The written instructions match the described purpose (delegating coding work to Codex/Claude/Pi/OpenCode via CLI invocations and background sessions). However the skill declares no required binaries, env vars, or install steps while the instructions repeatedly assume presence of multiple CLIs (codex, claude, opencode, gh, git) and a configured environment — that omission is an incoherence the user should be aware of.
Instruction Scope
The SKILL.md explicitly instructs using flags that bypass sandboxing and approvals (e.g., --permission-mode bypassPermissions, --yolo / 'no sandbox, no approvals'), running interactive PTYs, background sessions, and an 'elevated' host mode. Those instructions go beyond benign automation and materially increase risk (arbitrary commands, potential file/system modification, exfiltration) — they are within the skill's stated purpose but are high-risk operational choices that should be explicitly declared and constrained.
Install Mechanism
This is an instruction-only skill with no install spec or downloaded code. That lowers installation risk (nothing new is written to disk by the skill itself).
Credentials
The skill lists no required environment variables or primary credential, but the instructions implicitly require authenticated CLIs (e.g., 'gh pr checkout', 'gh pr comment', git clone, and agent CLIs). It therefore expects existing credentials/configuration (GitHub auth, agent CLI auth) without declaring them — an important mismatch. The ability to run agents with bypassed permissions could access tokens and files available to the process, so the lack of declared env/credential requirements is concerning.
Persistence & Privilege
The skill does not request permanent/always-on inclusion and leaves autonomous invocation at the platform default. However, the instructions promote long-running background sessions and an 'elevated' option that, if used, would allow host-level execution; combined with sandbox-bypass flags this increases potential blast radius. The metadata itself does not request elevated privileges, but the operational guidance encourages using them.
What to consider before installing
This skill plausibly does what it says, but it omits and actively encourages risky operational choices. Before installing: (1) confirm on your system that the required CLIs (codex, claude, opencode, git, gh, etc.) are present and understand which credentials they use; (2) do not use sandbox-bypass flags (--yolo, bypassPermissions) or 'elevated' host mode unless you fully trust the remote agent and understand the consequences — these options allow arbitrary commands to run on your host and can access local files/credentials; (3) run any spawned agents only in disposable temporary directories or isolated environments (containers or VMs) and avoid running inside the OpenClaw workspace; (4) be prepared to monitor and kill background sessions and to rotate any tokens or secrets that might be exposed; (5) consider asking the skill author to explicitly declare required binaries and any credential needs before installing so you can make an informed decision.Like a lobster shell, security has layers — review code before you run it.
latestvk977b94shkbsb9xf5zs57f4mq982nr4c
License
MIT-0
Free to use, modify, and redistribute. No attribution required.