Coding Agent
WarnAudited by ClawScan on May 10, 2026.
Overview
This coding-delegation skill is coherent, but it recommends running external coding agents in background modes that bypass approvals or sandboxing.
Use this skill only if you are comfortable letting an external coding CLI modify files and run commands. Prefer temp clones or worktrees, avoid --yolo and permission-bypass modes unless you explicitly approve them, set timeouts, monitor background logs, and keep it away from sensitive directories.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A delegated coding agent could edit files or run commands without pausing for approval; in no-sandbox mode, mistakes or prompt-influenced actions could affect more than the intended project.
The skill tells the agent to run coding CLIs in modes that suppress confirmations and, for Codex --yolo, remove sandboxing.
claude --permission-mode bypassPermissions --print ... "keeps full tool access and avoids interactive confirmation" ... "--yolo" | "NO sandbox, NO approvals"
Default to sandboxed, approval-gated modes. Require explicit user consent before using bypassPermissions, --full-auto, or --yolo, and document exactly what files and commands may be affected.
Users may believe files outside the selected project are protected when the delegated CLI may still be able to access them depending on its permissions and sandbox mode.
The wording could cause users to treat workdir as a security boundary, even though the same skill recommends full-access or no-sandbox execution modes where the current directory alone does not reliably confine access.
`workdir` | ... "agent sees only this folder's context" ... "doesn't wander off reading unrelated files"
Clarify that workdir is an organizational starting directory, not a security sandbox. Use real sandboxing, allowlists, temp clones, or containers for untrusted tasks.
A background coding agent may keep modifying files or running commands until it finishes or is stopped.
The skill intentionally spawns background coding-agent sessions and provides monitoring and kill actions; this is purpose-aligned but still important because the process can continue acting after launch.
bash pty:true workdir:~/project background:true command:"codex exec --full-auto 'Build a snake game'" ... process action:kill sessionId:XXX
Use short timeouts, monitor logs, restrict the working directory, and kill sessions promptly when the task is done or behavior looks unexpected.