coding-agent
Delegate coding tasks to Codex, Claude Code, or Pi agents via background process. Use when: (1) building/creating new features or apps, (2) reviewing PRs (spawn in temp dir), (3) refactoring large codebases, (4) iterative coding that needs file exploration. NOT for: simple one-liner fixes (just edit), reading code (use read tool), thread-bound ACP harness requests in chat (for example spawn/run Codex or Claude Code in a Discord thread; use sessions_spawn with runtime:"acp"), or any work in ~/clawd workspace (never spawn agents here). Claude Code: use --print --permission-mode bypassPermissions (no PTY). Codex/Pi/OpenCode: pty:true required.
Higher-privilege capability areas are present (token), but that alone is not evidence of malicious behavior.
โ๏ธ Quick review
No runtime postcard yet for this skill. Static evidence is available below, but the runtime lane has not touched it yet.
Before you install
- You are specifically looking for general / unreviewed workflows.
- Expect setup work: this skill references 11 env vars.
- Assume outside service calls are part of the story: 1 external domain reference showed up.
- Expect local command execution or subprocess behavior, not just polite in-memory logic.
- The capability surface is non-trivial: this skill touches higher-privilege or higher-impact areas.
- No runtime verdict yet, so you are leaning harder on static evidence and documentation quality.
Why this label
This landed in Use Caution because the capability surface or ambiguity is high enough to warrant extra scrutiny.
Uncertainty: Confidence is capped here because this entry relies more on metadata and heuristics than direct source evidence.
Capability surface and suspicious signals
Capability surface
These increase access or impact, but they are not the same thing as deceptive or malicious behavior.
Capability summary
+ 2 more
Suspicious behaviors
These are the signals that count much more heavily against the score.
Evidence
+ 8 more
+ 2 more
Read this section in two layers: capability surface shows what the skill can touch, while suspicious signals show what looks deceptive or riskier than ordinary integrations.
๐งช Technical runtime details
No runtime suite recorded yet for this skill.
Publisher and provenance
Bundled with the local OpenClaw installation. That improves provenance clarity, but it does not eliminate privilege or external-action risk.
Source type: local-skill-dir
Source path: /home/claw1/.npm-global/lib/node_modules/openclaw/skills/coding-agent
Manual review
No human review yet. The scorecard is currently static-analysis-first.
Community signals
Community signals
These are community attention markers, not crowd-sourced truth. Click what feels especially worth flagging or reviewing.
Related skills
model-usage
Use CodexBar CLI local cost usage to summarize per-model usage for Codex or Claude, including the current (most recent) model or a full model breakdown. Trigger when asked for model-level usage/cost data from codexbar, or when you need a scriptable per-model summary from codexbar cost JSON.
video-frames
Extract frames or short clips from videos using ffmpeg.
skill-creator
Create, edit, improve, or audit AgentSkills. Use when creating a new skill from scratch or when asked to improve, review, audit, tidy up, or clean up an existing skill or SKILL.md file. Also use when editing or restructuring a skill directory (moving files to references/ or scripts/, removing stale content, validating against the AgentSkills spec). Triggers on phrases like "create a skill", "author a skill", "tidy up a skill", "improve this skill", "review the skill", "clean up the skill", "audit the skill".