VS Code Node
ReviewAudited by ClawScan on May 1, 2026.
Overview
This is a disclosed IDE-control skill, but it can make real changes to your code workspace when its VS Code/Cursor node connection is approved and whitelisted.
Before installing, verify the VS Code/Cursor extension source, approve only trusted nodes, keep the Gateway command allowlist narrow, leave readOnly/confirmWrites and terminal protections enabled unless needed, and review workspace diffs before allowing commits or destructive edits.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with broad permissions, the agent could change or delete workspace files or commit local Git changes.
The skill exposes broad IDE operations that can mutate files, create Git commits, and interact with a debugger. This is aligned with the code-assistant purpose, but it is powerful enough that the user should restrict what is whitelisted.
File `vscode.file.*` | read, write, edit, delete ... Git `vscode.git.*` | status, diff, log, blame, stage, commit, stash ... Debug `vscode.debug.*` | launch, stop, breakpoint, evaluate
Whitelist only the commands you need, keep write confirmations enabled where possible, and review diffs before allowing commit or delete operations.
Running tests, debug sessions, or terminal commands can execute project code in your local environment.
The skill can run tests, launch/debug code, evaluate expressions, and optionally run terminal commands. These actions are expected for an IDE automation skill, and the artifact states terminal use is disabled by default.
Test `vscode.test.*` | list, run, results ... Debug `vscode.debug.*` | launch, stop, breakpoint, evaluate ... Terminal `vscode.terminal.*` | run (disabled by default)
Keep terminal execution disabled unless needed, and only enable execution-related commands for trusted workspaces.
A trusted node approval lets the agent act through that VS Code/Cursor instance within the allowed command set.
The skill depends on a Gateway-approved node identity and command allowlist. This is an appropriate boundary mechanism, but approving and whitelisting commands delegates real IDE/workspace authority.
Commands in Gateway's `allowCommands` whitelist ... Each device has unique Ed25519 identity, must be approved by Gateway
Approve only nodes and devices you recognize, and keep the Gateway allowlist as narrow as possible.
Code context, command results, and delegated prompts may move between the agent, Gateway, IDE extension, and Cursor Agent.
The skill routes commands and outputs through an OpenClaw Node and can delegate work to Cursor Agent. This is disclosed and purpose-aligned, but users should understand the data and command boundary between the main agent, Gateway, IDE node, and Cursor Agent.
Control a VS Code or Cursor IDE remotely through the OpenClaw Node protocol ... Agent `vscode.agent.*` | status, run, setup (Cursor only)
Use this only with trusted Gateway, IDE, and Cursor Agent setups, and avoid delegating sensitive code unless that data flow is acceptable.
The actual IDE-side behavior depends on the external extension you install.
The skill is instruction-only and requires a separate VS Code/Cursor extension that is outside the provided artifact set. The extension requirement is disclosed and source is linked, so this is a provenance check rather than a concrete unsafe behavior.
OpenClaw Node for VS Code ... The VS Code/Cursor extension you need to install (required) ... Source: github.com/xiaoyaner-home/openclaw-vscode
Install the extension only from the linked trusted marketplace/source and review its permissions before connecting it to Gateway.