Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Claude Code Remote Executor
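v1.0.0
Claude Code remote execution Skill: dispatches instructions to Claude Code on a remote machine through three channels (FastAPI/Redis/Screen), with retry support. Triggers: the Doctor asks me to "dispatch to Claude Code", "execute remotely", "have machine XX run Claude Code", remote cc.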
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (dispatch prompts to a remote Claude Code) matches the code: FastAPI and Redis worker implementations submit prompts to a local 'claude' binary. However the Screen channel implementation executes the user-supplied prompt directly in a remote shell (screen -> /bin/zsh -c "prompt") instead of invoking the Claude CLI; that is a functional divergence from the stated purpose and increases risk.
Instruction Scope
SKILL.md and scripts instruct the agent/user to edit config with remote IPs and to use SSH/scp to upload and restart remote services. The worker runs a local claude binary with '--permission-mode bypassPermissions', and the Screen channel runs arbitrary shell commands derived from the prompt — both are broad actions. The SKILL.md also directs reading remote logs and running shell commands (via ssh) for process management, which is expected for remote orchestration but expands scope to full remote shell control.
Install Mechanism
There is no install spec that downloads arbitrary artifacts; the package is instruction + scripts. That lowers install risk. The deploy scripts use scp/ssh to write files on the remote host, which is expected for a remote-deploy tool.
Credentials
No environment variables or external credentials are declared for the skill bundle, which is consistent. However the scripts assume SSH key-based access and hard-coded user paths (/Users/m1-meng, ~/.npm-global, workspace paths) and a reachable Redis instance; these hard-coded paths suggest the package was tailored to a specific environment and will require editing. The worker passes the process' os.environ when invoking the claude binary (i.e., it inherits environment variables), which could unintentionally expose environment values to the remote process.
Persistence & Privilege
always:false and no special platform-level persistence flags are present. The skill's deploy scripts do write and restart services on the remote machine (creating persistent worker/API there), but they do not modify other skills or system-wide agent settings on the local platform.
What to consider before installing
This skill will cause code to run on a remote machine you point it at (via SSH, FastAPI, or Redis). Before installing or enabling autonomous use:
1) Review and edit all hard-coded values (REMOTE_HOST, SSH user, CLI paths) so they match your environment.
2) Understand the Screen channel: it runs the provided prompt directly in a remote shell (zsh -c), so any prompt can become an arbitrary shell command — this is the primary red flag. If you only want to send prompts to a claude CLI, remove/modify the Screen channel so it calls the claude binary rather than running raw input.
3) The worker runs the claude binary with '--permission-mode bypassPermissions' which can increase what the remote process can do; ensure you trust the remote host and the claude binary.
4) Ensure Redis and the FastAPI endpoint are protected (network ACLs, auth) to avoid unauthorized task submission.
5) Because the agent can invoke skills autonomously by default, avoid granting this skill autonomous access unless you trust the agent's behavior — otherwise require manual confirmation.
6) Run the deploy scripts in a controlled/test environment first and inspect the generated cc_worker.py / cc_api.py files on the remote host before starting them.
Like a lobster shell, security has layers — review code before you run it.
latestvk97cvzwm41mnqe8re1fqxkz6ms84tgqh
