← Back to Skills Marketplace
gricha

Perry Coding Agents

by gricha · GitHub ↗ · v1.5.0
cross-platform ⚠ suspicious
3887
Downloads
2
Stars
11
Active Installs
7
Versions
Install in OpenClaw
/install perry-coding-agents
Description
Dispatch coding tasks to OpenCode or Claude Code on Perry workspaces. Use for development work, PR reviews, or any coding task requiring an isolated environment.
Usage Guidance
This skill appears to do what it says (dispatch remote coding agents), but there are several red flags you should address before installing or using it: - Missing declared requirements: The SKILL.md assumes local tools (tailscale, jq, ssh, curl) and a webhook token but the skill metadata declares none. Confirm these prerequisites and provide them securely. - Undeclared secret: The instructions require an Authorization: Bearer <hooks-token> value. Ask the author to declare required env vars (e.g., PERRY_HOOKS_TOKEN) or explain how tokens are provisioned. Never paste secrets into a skill without understanding storage/use. - Insecure SSH option: The examples use -o StrictHostKeyChecking=no which disables host key verification and increases MITM risk. Prefer adding known host keys or using a secure SSH config rather than disabling checking. - Local HTTP callback risk: Remote workspaces are instructed to POST back to your local IP:18789. Ensure that the wake endpoint is bound only to a safe interface, is authenticated, and is not exposed to untrusted networks. Consider firewall/Tailscale ACLs to limit who can reach that port. - Remote code execution: The skill runs arbitrary commands on remote workspaces via SSH. Only use with workspaces and keys you fully trust. Review remote binaries paths (/home/workspace/.opencode/, /home/workspace/.local/bin/claude) and confirm they are the intended agents. What would reduce my concern: explicit metadata listing required binaries and environment variables (including hook token), instructions that avoid disabling host-key checking, and clear guidance on securing and scoping the local wake endpoint. If the author provides those clarifications, the skill would look coherent and likely benign; until then treat it cautiously.
Capability Analysis
Type: OpenClaw Skill Name: perry-coding-agents Version: 1.5.0 The skill bundle is classified as suspicious primarily due to the use of `ssh -o StrictHostKeyChecking=no` in `SKILL.md`. While this might be intended for automation in trusted environments, it disables host key verification, making SSH connections vulnerable to Man-in-the-Middle (MITM) attacks. Other aspects, such as the `curl` callback to the agent's own IP for task completion, are aligned with the stated purpose and do not show malicious intent. The instructions for the AI agent are workflow-related and do not constitute malicious prompt injection.
Capability Assessment
Purpose & Capability
The name/description (dispatch coding tasks to OpenCode/Claude on Perry workspaces) aligns with the SKILL.md instructions which show SSH-based dispatch to remote workspaces and running opencode/claude binaries. However, the skill declares no required binaries or credentials while the instructions clearly rely on local tools (tailscale, jq, curl, ssh) and a webhook token; this omission is an inconsistency.
Instruction Scope
Runtime instructions tell the agent to run ssh to remote hosts, run remote binaries, and instruct the remote to POST back to a local wake endpoint (http://${WAKE_IP}:18789). They also instruct use of 'tailscale status' to read local Tailscale IPs and to disable SSH host-key checking. These steps access local networking state and require a hook token (Authorization: Bearer <hooks-token>) that is not declared—this extends scope beyond a simple dispatcher and can expose a local HTTP endpoint to remote agents.
Install Mechanism
There is no install spec and no code files—this instruction-only skill does not write code to disk or download external packages, which is the lower-risk model for skills. However, reliance on external CLI tools (ssh, tailscale, jq, curl) is implied by the instructions.
Credentials
The instructions require a webhook 'hooks-token' (Authorization: Bearer <hooks-token>) and implicitly require SSH credentials and access to the local Tailscale identity, but the skill declares no required environment variables, primary credential, or config paths. That mismatch (undeclared secrets and credentials) is a significant proportionality problem: the skill is asking you to use secrets but doesn't document them or how they should be provided/stored.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not include installation steps that modify agent/system config. It does depend on running background ssh processes but does not itself modify other skills or global settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install perry-coding-agents
  3. After installation, invoke the skill by name or use /perry-coding-agents
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.5.0
Emphasized: always create dex task BEFORE dispatch
v1.4.0
Added concrete end-to-end example
v1.3.0
Trimmed 5KB to 1.7KB - more concise
v1.2.0
Added learnings: no timeouts, task tracking, session reuse, use IPs
v1.1.1
fix: correct webhook endpoint (/hooks/wake) and use hooks.token instead of gateway.auth.token
v1.1.0
Fix: use ~/projname not /workspace, document SSH PATH issues
v1.0.0
Initial release: Dispatch tasks to OpenCode/Claude Code on Perry workspaces
Metadata
Slug perry-coding-agents
Version 1.5.0
License
All-time Installs 11
Active Installs 11
Total Versions 7
Frequently Asked Questions

What is Perry Coding Agents?

Dispatch coding tasks to OpenCode or Claude Code on Perry workspaces. Use for development work, PR reviews, or any coding task requiring an isolated environment. It is an AI Agent Skill for Claude Code / OpenClaw, with 3887 downloads so far.

How do I install Perry Coding Agents?

Run "/install perry-coding-agents" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Perry Coding Agents free?

Yes, Perry Coding Agents is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Perry Coding Agents support?

Perry Coding Agents is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Perry Coding Agents?

It is built and maintained by gricha (@gricha); the current version is v1.5.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments