Claude Code Dev Workflow
Security checks across malware telemetry and agentic risk
Overview
This looks like a real Claude Code workflow guide, but it recommends approve-all and background/persistent modes that could let a coding agent change files or run commands without per-step review.
Install only if you are comfortable letting Claude Code work inside your project. Prefer a sandbox or feature branch, avoid approve-all permissions unless you understand the risk, review file changes before merging, protect API keys, set spending limits, and close persistent/background sessions when finished.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A delegated Claude Code session could modify project files or run local commands with little friction if a task is wrong, overbroad, or influenced by unsafe instructions.
The skill recommends a non-interactive approve-all permission mode for the ACP plugin. In a coding workflow that can write code and run commands, this removes normal per-action approval boundaries.
Set permissions (ACP is non-interactive, so this must be set) ... openclaw config set plugins.entries.acpx.config.permissionMode approve-all
Avoid approve-all as a default when possible; restrict the working directory, require approval for shell/write actions, review diffs before applying changes, and use a disposable branch or sandbox for risky tasks.
A long-running coding session may keep editing, testing, or waiting for input until it is cancelled or closed.
The skill explicitly supports persistent sessions and background jobs. This is aligned with its workflow purpose, but users should notice that work can continue outside a single immediate response.
/acp spawn claude --thread auto --mode persistent ... exec pty=true workdir=/path/to/project background=true command="claude 'Refactor the payment module to use async/await'"
Track session IDs, use `/acp cancel` or `/acp close` when done, and avoid leaving persistent/background sessions running with broad permissions.
Misconfigured or exposed credentials could allow unauthorized API usage or unexpected billing.
The guide asks users to configure Anthropic or AWS Bedrock credentials. These credentials are expected for Claude Code, but they grant account access and can incur costs.
export ANTHROPIC_API_KEY="sk-ant-xxxxx" ... export CLAUDE_CODE_USE_BEDROCK=1
Use least-privilege credentials, store keys securely, avoid pasting real keys into chat, and set provider-side spending limits.
Installing unverified or changed packages could introduce unexpected behavior into the local development environment.
The setup uses global CLI/plugin installation commands without version pinning. This is normal for this workflow, but users should verify package provenance.
npm install -g @anthropic-ai/claude-code ... openclaw plugins install acpx
Install only from trusted registries, verify package names and publishers, consider pinning versions, and review plugin documentation before enabling it.
Prompts, code context, or secrets typed into the bound chat may be sent to the Claude Code session and provider workflow.
The ACP workflow routes messages from the chat thread to Claude Code. This is disclosed and central to the skill, but it creates a data boundary users should understand.
After that, everything said in this conversation will be sent to Claude Code.
Do not send secrets unless necessary, confirm which thread is bound to Claude Code, and close bindings when the coding session is finished.
