← Back to Skills Marketplace

openclaw-with-vscode

Name: openclaw-with-vscode
Author: diankourenxia

by diankourenxia · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

354

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install openclaw-with-vscode

Description

Bridge between OpenClaw and VS Code Copilot — dispatch coding tasks from any OpenClaw channel to VS Code for execution.

Usage Guidance

This skill itself is a simple local forwarder and does not ask for secrets, but exercise caution before enabling it: 1) Verify the OpenClaw Chat VS Code extension is legitimate (marketplace publisher, source code, reviews). 2) Understand Copilot/Copilot Chat will contact GitHub services using your Copilot credentials — do not forward secrets or private keys in prompts. 3) The skill allows prompts that can cause file edits and run commands in your editor; require user confirmation for any destructive actions. 4) If you need stronger guarantees, avoid using this skill for sensitive code or inspect the extension behavior and logs (network calls) before trusting it. 5) If you want lower risk, restrict the agent so it cannot autonomously invoke the skill without explicit user approval.

Capability Analysis

Type: OpenClaw Skill Name: openclaw-with-vscode Version: 1.0.0 The skill bundle facilitates a bridge to VS Code but contains a potential shell injection vulnerability in SKILL.md, where user-provided prompts are inserted into a curl command template without explicit sanitization instructions. It also directs the agent to perform high-privilege actions, such as installing a VS Code extension (wodeapp.openclaw-chat) and communicating with a local server on port 19836. While the traffic is restricted to localhost, the combination of high-privilege IDE access and the risk of command injection via the agent's execution of shell commands makes this bundle risky.

Capability Assessment

✓ Purpose & Capability

Name/description match the instructions: the skill is an instruction-only bridge that POSTs JSON to a local endpoint. Requiring curl and only local endpoints is proportionate to the stated purpose.

⚠ Instruction Scope

Instructions tell the agent to send arbitrary coding tasks to http://localhost:19836/trigger which will cause Copilot to 'edit files, run commands, create code, and more.' The doc does not constrain or validate what may be executed, nor does it require explicit user confirmation before dangerous actions. The SKILL.md also asserts 'All traffic is local' which is misleading because Copilot/ Copilot Chat will contact GitHub's services to process prompts, meaning user code/prompts can leave the machine and be sent to external servers.

✓ Install Mechanism

Instruction-only skill with no install spec and only a recommendation to install a VS Code extension via the official marketplace. No code is downloaded by the skill itself.

ℹ Credentials

The skill requests no env vars or credentials, which is reasonable. However, it depends on the user's VS Code + Copilot auth (GitHub account and Copilot) implicitly; the SKILL.md fails to acknowledge that Copilot’s processing uses GitHub services and the user's GitHub credentials, which is relevant for privacy/credential exposure.

ℹ Persistence & Privilege

always:false and no install changes are fine. Be aware the platform default allows autonomous invocation; combined with the ability to forward arbitrary prompts that cause local edits/command execution, this increases blast radius if the agent is allowed to call the skill without per-action user confirmation.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install openclaw-with-vscode
After installation, invoke the skill by name or use /openclaw-with-vscode
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release: Integrates OpenClaw with VS Code Copilot to execute coding tasks locally. - Dispatch write, edit, review, or debug requests from OpenClaw directly to VS Code Copilot. - Utilizes local HTTP endpoints for all communication; no data is sent externally. - Includes setup instructions and workflow for task execution and result display. - Requires VS Code to be open with Copilot in Agent mode for full functionality. - Health check and endpoint details provided for troubleshooting.

Metadata

Slug openclaw-with-vscode

Version 1.0.0

License MIT-0

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is openclaw-with-vscode?

Bridge between OpenClaw and VS Code Copilot — dispatch coding tasks from any OpenClaw channel to VS Code for execution. It is an AI Agent Skill for Claude Code / OpenClaw, with 354 downloads so far.

How do I install openclaw-with-vscode?

Run "/install openclaw-with-vscode" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is openclaw-with-vscode free?

Yes, openclaw-with-vscode is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does openclaw-with-vscode support?

openclaw-with-vscode is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created openclaw-with-vscode?

It is built and maintained by diankourenxia (@diankourenxia); the current version is v1.0.0.

More Skills