Claude Code Dev Workflow

Warn. Audited by ClawScan on May 10, 2026.

Overview

This is a coherent Claude Code programming workflow, but it asks users to enable auto-approved and persistent/background coding-agent sessions, which can affect code and commands without per-action review.

Install or follow this skill only if you are comfortable giving Claude Code strong authority over a specific development workspace. Prefer a sandbox or branch, avoid approve-all when possible, set spending limits, keep secrets out of bound chats, monitor background sessions, and close ACP sessions when done.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Claude Code may be able to make project changes or run commands without asking the user each time.

Why it was flagged

The skill explicitly instructs users to configure ACP with approve-all permissions because it is non-interactive. For a coding agent, this can allow file edits and command execution without per-action approval.

Skill content

# 5. Set permissions (ACP is non-interactive, so this must be set)
openclaw config set plugins.entries.acpx.config.permissionMode approve-all

Recommendation

Use the narrowest available permission mode, run only in a trusted project directory or container, keep changes on a branch, and require explicit approval for destructive or broad actions.

What this means

A coding task could continue running or remain bound to a chat thread after the initial request, increasing the chance of unintended edits or commands.

Why it was flagged

The skill documents persistent Claude Code sessions and background tasks. These are disclosed and related to the workflow, but their lifetime and authority are powerful when paired with approve-all permissions.

Skill content

/acp spawn claude --thread auto --mode persistent
...
exec pty=true workdir=/path/to/project background=true command="claude 'Refactor the payment module to use async/await'"

Recommendation

Use persistent/background mode only for trusted projects, monitor session status, close sessions when done, and avoid approve-all for long-running tasks.

What this means

Using the skill may consume paid model credits or rely on AWS permissions configured in the environment.

Why it was flagged

The workflow requires Anthropic API keys or AWS Bedrock credentials. This is expected for Claude Code integration and there is no evidence of hardcoded or leaked credentials, but users should recognize the account and billing authority involved.

Skill content

export ANTHROPIC_API_KEY="sk-ant-xxxxx"
...
export CLAUDE_CODE_USE_BEDROCK=1

Recommendation

Use scoped credentials where possible, protect API keys, set provider-side spending limits, and avoid exposing secrets in bound chat sessions.

What this means

Installing these components gives third-party tooling local execution capability.

Why it was flagged

The skill asks users to install external tooling globally and install an OpenClaw plugin, without pinning versions. This is purpose-aligned setup documentation, but it depends on external package/plugin provenance.

Skill content

npm install -g @anthropic-ai/claude-code
...
openclaw plugins install acpx

Recommendation

Verify package/plugin sources, prefer pinned or reviewed versions if available, and install in a controlled development environment.

What this means

Commands may read, modify, or create files in the chosen working directory and may run project tooling.

Why it was flagged

The skill documents direct PTY/shell execution of Claude Code commands. This is central to a programming workflow, but users should treat it as real command execution in the selected project directory.

Skill content

exec pty=true workdir=/path/to/project command="claude 'Fix the failing test in auth.test.js'"

Recommendation

Run in a disposable branch or sandbox, review diffs before committing, and avoid pointing the workflow at sensitive or production directories.

What this means

Messages, code snippets, or secrets posted in the bound chat may be sent to the coding agent/provider.

Why it was flagged

After binding a chat to Claude Code, the skill says all subsequent messages in that conversation are forwarded to Claude Code. This is disclosed and part of the ACP workflow, but it creates a sensitive data boundary across chat platforms, OpenClaw, and Claude Code.

Skill content

After this, everything said in this conversation will be sent to Claude Code.

Recommendation

Bind only trusted channels or threads, warn participants, avoid posting secrets, and close the ACP session when finished.