coding-agent-common

The skill bundle provides instructions for delegating tasks to external AI coding tools (Codex, Claude Code, OpenCode). It explicitly directs the OpenClaw agent to use high-risk execution flags such as '--yolo' and '--permission-mode bypassPermissions' in SKILL.md and the reference files, which are designed to bypass human-in-the-loop security approvals and sandboxing. While these features are functional for autonomous coding, they create a significant risk of Remote Code Execution (RCE) if the agent is prompted with a malicious task. No evidence of intentional data exfiltration or backdoors was found, but the promotion of security-bypass modes warrants a suspicious classification.