Claude Code Task
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill is coherent for coding help, but it gives spawned coding agents broad local authority, links secret environment files into their workspace, and keeps persistent sessions/memory.
Use this only if you trust the local coding-agent CLIs and are comfortable giving them broad access to your repository. Before installing, consider removing the Claude permission-bypass flag, disabling automatic .env symlinks, reviewing the saved MEMORY.md preference, and manually killing tmux sessions after each task.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A coding agent could read or modify files and run commands in the worktree with fewer safety prompts than the user may expect.
The workflow instructs the agent to launch an external coding CLI in a tmux session, and the Claude option explicitly disables permission checks. The plan-first instruction is a mitigation, but it relies on the spawned agent following instructions rather than enforcing a tool boundary.
| `claude` | `claude --dangerously-skip-permissions` | ... `tmux send-keys -t <task-name> "nvm use 20 && <tool-command>" Enter`
Avoid `--dangerously-skip-permissions` by default, allowlist approved coding CLIs, and require explicit user confirmation before running any command with broad local access.
Secrets from the main project may become available to any spawned coding agent or command running in the worktree.
.env files commonly contain API keys, tokens, database URLs, and other credentials. The skill tells the agent to link them into every worktree without per-task scoping or opt-in.
ln -sf <project>/.env <worktree-path>/.env ... `Always` symlink `.env` files — don't copy
Do not link real .env files by default; ask the user first, prefer sanitized example env files, and only expose the minimum secrets needed for a specific task.
If the saved preference is stale, mistaken, or poisoned, the agent may launch the wrong local tool without the user noticing.
A persistent memory value determines which executable is launched in future tasks, and the skill says not to ask again once it is saved.
memory_search("preferred coding agent tool") ... If found → use that tool, no need to ask ... Write to `MEMORY.md`
Validate the saved tool name against an allowlist, reject shell metacharacters or full command strings, and re-confirm before using non-default or changed tools.
Coding-agent processes may keep running in the background after the initial request if cleanup is missed.
Persistent and parallel tmux sessions are explicitly part of the design and cleanup is documented, but these sessions can continue running until killed.
Always uses tmux for persistent multi-turn conversation — never one-shot mode ... Parallel tasks ... `tmux kill-session -t <task-name>`
List active tmux sessions regularly and kill task sessions when finished or when you no longer trust their state.
The actual behavior depends heavily on the local coding-agent CLI and other tools already installed on the machine.
The package has no hidden install code, but its runtime depends on separately installed tools whose presence, versions, and provenance are not enforced by the registry metadata.
Source: unknown; Homepage: none; Required binaries ... none; No install spec — this is an instruction-only skill.
Verify the installed CLIs, versions, and sources yourself before using the skill, especially for tools that can modify code or run shell commands.
