Claude Code Bridge
WarnAudited by ClawScan on May 18, 2026.
Overview
The skill is transparent about its purpose, but it gives chat conversations persistent remote control over a local Claude Code terminal with file, command, and approval authority.
Install only if you intentionally want chat-based remote control of Claude Code on your machine. Use it in private, trusted channels; avoid group chats unless every participant is trusted; be careful with approval option 2/“allow always”; stop sessions when finished; and remember that terminal output and project information may be stored locally and returned to the chat.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A chat message can become an instruction to a local coding agent that can run commands or change files once approved, and group-chat participants may influence that session if the bridge is used there.
The skill exposes a local Claude Code terminal capable of file mutation, command execution, and bash-mode use through remote chat messages. This is purpose-aligned but high-impact and not scoped in the artifacts to specific trusted users, directories, or low-risk operations.
File read/write | ✅ | Full support after approval ... Command execution | ✅ | Full support after approval ... Bash mode (`!` prefix) | ✅ | Send directly via `send`
Use only in trusted private chats or tightly controlled groups, keep Claude Code permissions restrictive, avoid permanent approvals unless necessary, and consider adding explicit user/channel allowlists and project-directory limits.
People or messages that can reach the active chat session may be able to use the user's local Claude Code account and its delegated project permissions.
The bridge uses the user's already-authenticated local Claude Code identity, but the registry declares no primary credential and the artifacts do not show boundaries on who in a chat can drive that identity-backed session.
CC-Bridge uses your locally logged-in Claude Code CLI with OAuth authentication.
Document the credential boundary clearly, declare the Claude Code login dependency, and add controls so only authorized senders can start, send to, approve, or stop sessions.
Untrusted or accidental messages in an enabled chat can be forwarded into a local coding agent, and Claude Code output may be returned to that chat.
The skill creates a bridge between messaging channels, the OpenClaw agent, and a Claude Code CLI agent. The artifacts do not define identity checks, origin validation, or data-boundary rules for messages from shared channels.
Bridge every incoming message to a live, persistent `claude` CLI process ... The user interacts via QQ/Telegram/any channel
Restrict the bridge to trusted chats, avoid enabling it in groups with untrusted participants, and implement explicit sender/channel authorization before forwarding or approving actions.
Terminal history and Claude Code output may remain on disk and be viewable later through history/peek commands until the session is stopped and files are removed.
The script stores persistent terminal output logs and keeps a large tmux scrollback buffer. This supports the bridge's purpose, but may retain sensitive code, command output, or conversation context.
STATE_DIR="$HOME/.openclaw/cc-bridge" ... SCROLLBACK_LINES=50000 ... tmux pipe-pane -t "$TMUX_NAME" -o "cat >> '$LOG_FILE'"
Treat bridge history as sensitive, stop sessions when done, clear logs where appropriate, and avoid sending secrets or sensitive command output through shared chats.
A Claude Code session may continue running locally in the background and retain context until explicitly stopped.
Persistent background operation is clearly disclosed and central to the skill, but it means Claude Code sessions can remain active after the chat interaction ends unless stopped.
tmux maintains persistent terminal sessions (survives disconnects)
Use `/cc stop` or the documented stop command after finishing, and monitor active tmux sessions if unexpected behavior occurs.
Users may not realize from the registry metadata alone that the skill runs a local shell script and depends on tmux plus a logged-in Claude Code CLI.
The registry metadata does not provide source provenance and does not declare the tmux/Claude Code prerequisites that the README and script rely on. This is under-declared rather than hidden, because the README documents the dependencies.
Source: unknown; Homepage: none; Required binaries: none
Publish source/homepage information and declare required binaries and credential expectations in metadata.