Coding Agent
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill is purpose-aligned for delegating coding work, but it encourages background coding agents with permission bypasses and weak containment assurances.
Install only if you intend to let OpenClaw launch local coding agents. Prefer disposable clones, worktrees, containers, or sandboxed modes; avoid `--yolo` and permission-bypass workflows unless you understand that the delegated agent may make broad changes without confirmation.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A delegated coding agent could change files or run tools without asking the user for normal confirmations.
The skill directs the agent to use a mode that bypasses normal permission prompts while retaining full tool access, reducing user review for high-impact coding actions.
For Claude Code (`claude` CLI), use `--print --permission-mode bypassPermissions` instead... `--print` mode keeps full tool access and avoids interactive confirmation
Use permission-bypass modes only in disposable clones, containers, or tightly scoped worktrees, and require explicit user approval before broad file changes or command execution.
If used in a real project or home directory, the coding agent may modify files or execute actions without sandbox containment or approval prompts.
The documented Codex workflow includes a no-sandbox, no-approval mode for coding tasks, which is high-impact and weakly bounded.
`--yolo` | NO sandbox, NO approvals (fastest, most dangerous)
Avoid `--yolo` for normal use; prefer sandboxed modes, temporary clones, explicit worktrees, and user-reviewed patches.
Users may believe the agent is confined to one folder when it may still be able to access or affect other local files depending on the CLI mode and environment.
The text implies that setting a working directory limits what the agent can see, but a working directory is generally not a security boundary, especially when paired with no-sandbox or permission-bypass modes.
`workdir` | Working directory (agent sees only this folder's context)
State clearly that `workdir` is only a starting directory, not containment; recommend containers, sandboxes, or disposable clones for isolation.
A background coding agent could continue making changes while the user is not actively supervising it.
The example combines background execution with a no-sandbox/no-approval agent mode for a broad refactoring task, creating an autonomous process with substantial local authority.
bash pty:true workdir:~/project background:true command:"codex --yolo 'Refactor the auth module'"
Use background mode with explicit timeouts, frequent log checks, kill instructions, and only in isolated directories where unintended changes are easy to discard.
The skill is intended to run local commands and external coding agents, which can affect the local development environment.
Shell command execution is central to this skill's purpose and is disclosed, but users should recognize that installing the skill enables the agent to launch local coding CLIs.
Use **bash** (with optional background mode) for all coding agent work.
Only use it in repositories where you are comfortable allowing a coding agent to run, and review commands before execution.
