← Back to Skills Marketplace
421
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install qoder-cli-skill
Description
Delegate coding tasks to Qoder CLI using Print mode (non-interactive). Use when: (1) building/creating new features or apps, (2) code reviews, (3) refactorin...
Usage Guidance
This skill is essentially a wrapper for the qodercli command-line tool — that is expected. Before installing or using it, verify the source and integrity of the qodercli binary (where was it downloaded from?), and confirm you trust that tool. Be aware that SKILL.md references QODER_PERSONAL_ACCESS_TOKEN but the skill metadata doesn't declare it as required — you will likely need to supply a personal access token for operations. The skill documents a '--yolo' flag that skips permission checks and examples that perform automatic code edits; avoid using such flags unless you fully understand and accept the risk. Also review and control any ~/.qoder/agents or project agent files the skill creates, since they can grant persistent behavior (including running Bash) in future runs. If you want this to be safer: require explicitly declaring the auth env var in the skill metadata, confirm qodercli's provenance, and prefer running commands with review/CI gates rather than automatic edit flags.
Capability Analysis
Type: OpenClaw Skill
Name: qoder-cli-skill
Version: 0.1.0
The skill bundle is classified as suspicious due to the integration of a powerful CLI tool (`qodercli`) with high-risk capabilities that could be exploited via prompt injection. Specifically, the `SKILL.md` documentation explicitly highlights and provides examples for the `--yolo` flag, which 'Skips permission checks' within `qodercli`, allowing potential bypass of internal safeguards. Additionally, the ability to add arbitrary MCP servers using `bash command:"qodercli mcp add <name> -- <command>"` allows the agent to execute `npx` commands to install and run any npm package (potentially malicious ones) with auto-confirmation (`-y`), creating a significant attack surface for arbitrary code execution or unauthorized system modifications.
Capability Assessment
Purpose & Capability
Name and description claim delegation to Qoder CLI; the skill is instruction-only and requires the qodercli binary (declared in metadata). That requirement is coherent with the stated purpose.
Instruction Scope
Instructions direct the agent to run qodercli commands in the user's workdir (expected) but also describe creating and using user-level config files (~/.qoder/agents) and project-level agent files. They reference an auth environment variable (QODER_PERSONAL_ACCESS_TOKEN) and claim tokens are auto-inherited from shells. The doc also documents a '--yolo' flag that skips permission checks and examples that may cause automatic code edits — these behaviors can lead to surprising or high-impact changes if used unintentionally.
Install Mechanism
No install spec or code files are present; the skill is instruction-only and relies on a binary being present on PATH. This is the lowest-risk install model.
Credentials
The SKILL.md references QODER_PERSONAL_ACCESS_TOKEN for authentication but the registry metadata lists no required environment variables. Not declaring the token as required is an inconsistency: the skill will likely need that token to operate, and users may not realize they must provide it. No unrelated credentials are requested.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. However, it instructs creation of config/agent files under ~/.qoder and project-level agent directories, which gives it persistent configuration capability on the host if those steps are followed. This is consistent with tooling but worth user attention.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install qoder-cli-skill - After installation, invoke the skill by name or use
/qoder-cli-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
qoder-cli-skill v0.1.0
- Initial release of the qoder-agent skill using Qoder CLI in Print mode (non-interactive).
- Supports feature development, code review, refactoring, and iterative coding tasks that require file exploration.
- Compatible with all session types, including direct chat, group chat, and Discord.
- Includes documentation for model selection, Quest Mode, subagents, worktree jobs, and MCP server integration.
- Requires qodercli to be installed; TUI mode is not supported in automated environments.
Metadata
Frequently Asked Questions
What is Qoder CLI skill?
Delegate coding tasks to Qoder CLI using Print mode (non-interactive). Use when: (1) building/creating new features or apps, (2) code reviews, (3) refactorin... It is an AI Agent Skill for Claude Code / OpenClaw, with 421 downloads so far.
How do I install Qoder CLI skill?
Run "/install qoder-cli-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Qoder CLI skill free?
Yes, Qoder CLI skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Qoder CLI skill support?
Qoder CLI skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Qoder CLI skill?
It is built and maintained by PenaFong (@lfeng); the current version is v0.1.0.
More Skills