Description

Delegates tasks to the local Claude Code CLI. Activate immediately when the user asks for Claude, requests a stronger model, or mentions an existing project...

README (SKILL.md)

claw2claude — OpenClaw Orchestrates Claude Code

Name: Claw2Claude
Author: is-xins-xiaobai

Delegates the user's task to the local claude CLI. You (OpenClaw AI) are the orchestrator. Claude Code is the executor.

Security & Transparency

This skill has broader-than-average system access because it bridges two runtimes (OpenClaw and Claude Code). Everything it does is documented here and in the metadata above.

What this skill accesses

Resource	Why	Access type
`~/.openclaw/openclaw.json`	Gateway port + auth token, so `notifier.py` can POST results back to the user's channel	Read-only
`~/.openclaw/credentials/`	JWT expiry check before Claude starts — warns if token is stale; never modifies	Read-only
`~/.openclaw/agents/main/sessions/sessions.json`	Find the user's most recently active channel so results go to the right place	Read-only
`\x3Cproject_path>/`	Claude Code working directory; all file changes are intentional outputs of the delegated task	Read + write
`\x3Cskill_dir>/logs/`	Monthly invocation log (timestamp, mode, project, exit status, no prompt content beyond first 200 chars)	Write

Background processes

Two scripts run detached from the main AI turn:

notifier.py — starts when Claude starts; polls every 2 s for Claude's completion file; sends chunked results to the user's channel via the OpenClaw gateway message tool; exits immediately after delivery (or after 35 min if Claude never finishes).
heartbeat.py — used in background mode only; monitors the background Claude PID; sends a notification when Claude exits. Not used in discuss, execute, or continue modes.

Neither process modifies OpenClaw config, reads credentials a second time, or persists beyond the task lifecycle.

`--dangerously-skip-permissions` usage

All Claude sessions are launched with this flag. It is necessary because Claude Code is invoked non-interactively (triggered by a chat message, not a terminal), so it cannot display permission prompts. The flag's scope is limited to the project directory — Claude is not given broader system access than a normal Claude Code session would have.

If you prefer interactive permission prompts, run Claude Code directly in a terminal rather than through this skill.

Required `openclaw.json` changes

Two config changes must be applied before the skill works. These are opt-in — the skill cannot make these changes itself:

{
  "gateway": {
    "tools": { "allow": ["message"] }
  },
  "tools": {
    "sessions": { "visibility": "all" }
  }
}

gateway.tools.allow: ["message"] — lets notifier.py call the gateway message tool from outside an AI turn to deliver results
tools.sessions.visibility: "all" — lets the notifier target the user's channel session (which differs from the system session running Claude)

See README.md for the full setup guide.

Activation

A. Activate immediately (any one condition is enough)

Condition	Examples
User explicitly asks for Claude	"use Claude for this", "let Claude handle it", "hand it to Claude"
User requests a stronger / smarter model	"use a better model", "switch to a more capable AI"
Task involves an existing Claude Code project	User mentions a path that contains `.openclaw-claude-session.json`
User explicitly mentions claude CLI / Claude Code	"run it with claude", "open a Claude Code session"

B. Ask first (when you judge the task has these traits)

Before starting, ask the user whether to create a Claude project if any of the following apply:

Trait	How to judge
It's an idea or direction	User says "I want to build/design/plan/write a…" — no concrete single question yet
Multiple parts involved	Feature modules, document chapters, plan phases — not answerable in one reply
Multiple iterations expected	Discuss → revise → confirm loop, or clearly not a one-shot Q&A
A clear project concept exists	App, system, business plan, product spec, docs, course outline, campaign plan, etc.
User already has related material	Mentions an existing directory, codebase, docs, or prior discussion

Fixed phrasing to use when asking:

This looks like a task that will need multiple rounds of discussion or iteration. Would you like to set up a Claude Code project for this? Benefits:

Full conversation history and context that persists across sessions

Pick up where you left off at any time

All files, plans, and code kept in one working directory

[Yes, create project] / [No, handle it directly]

User says yes: ask for (or suggest) a project path, then launch in discuss or execute mode
User says no: handle it yourself; do not invoke this skill

If none of the above conditions apply, handle the request yourself. Do not invoke this skill.

Four Modes

Mode	When to use	Claude permissions
`discuss`	Requirements are unclear; user wants to explore options or plan architecture	`--dangerously-skip-permissions` (all operations allowed)
`execute`	Task is clear; user wants code written or changed	`--dangerously-skip-permissions` (fully automatic)
`continue`	Resuming the previous session in the same mode	Inherits the previous mode's permissions
`background`	User wants Claude to run without waiting for the result	Same as execute (`--dangerously-skip-permissions`) — always runs as execute, cannot use discuss or continue

Claude has a 30-minute timeout. If it expires, the task is aborted — split it into smaller subtasks and retry.

Step 1: Determine the mode

What the user says	Mode
"Help me think through how to design…" / "What are the options?" / "Analyse this…"	`discuss`
"Write…" / "Implement…" / "Create…" / "Refactor…"	`execute`
"Continue" / "Keep going" / "Do what we discussed"	`continue`
After a discussion: "OK, let's build it" / "Go with that plan"	`execute` ← important!
"Run it in the background" / "Don't wait, just let it run"	`background`

⚠️ Use execute, not continue, when switching from discussion to implementation. execute always resumes the last session (--resume) if one exists, whether the previous mode was discuss or execute. This keeps all messages to the same project in a single continuous session. continue also resumes the same session but is reserved for explicit "pick up where we left off" requests.

If the user says "continue" but also adds a new direction, use execute mode with the full structured prompt — not continue.

Step 2: Confirm the project path (critical — prevents session cross-contamination)

The registry is printed to stderr automatically each time launch.sh runs — you do not need a separate call unless you need to inspect it before deciding which project to use. If unsure, run:

python3 "$SKILL_DIR/scripts/projects.py" list

Situation	Action
User specified a path explicitly	Use it directly
Registry is empty — brand new project	Generate an English directory name from the task; tell the user: `"I'll create the project at ~/Projects/\x3Cname> — let me know if you'd like a different location"`
Registry has exactly one project	Use it by default; tell the user: `"Continuing with [project name]"`
Registry has multiple projects + user says "continue" but it's ambiguous	List them and ask the user to choose. Never guess.
Registry has multiple projects + task implies a specific one	Infer and confirm: `"Did you mean [project name]?"`

Step 3: Build the prompt for Claude

Expand the user's raw description into a structured instruction that Claude can execute efficiently.

discuss mode — instruct Claude to act as an architecture advisor, suggestions only, no code:

You are an experienced software architect. The user wants to discuss the following:

\x3Cuser's original request>

Ask clarifying questions, suggest architecture patterns and tech stack options, identify risks.
Do NOT write actual implementation code unless the user explicitly asks for a short example.

execute mode — instruct Claude to complete the task directly:

You are a professional software engineer. Complete the following task:

Goal: \x3Cclear description of the end result>
Tech stack: \x3Clanguage/framework — infer if not specified>

Requirements:
- Clean, commented code following best practices
- Proper error handling and edge case coverage
- \x3Cany specific requirements the user emphasised>

\x3Clist concrete steps if applicable; omit otherwise>

continue mode — pass the user's new instruction directly; Claude already has the full prior context:

\x3Cuser's new instruction verbatim>

Step 4: Launch and notify (required)

Before invoking Claude Code, tell the user it's starting (say it in your reply — no extra tool needed): "🚀 Launching Claude Code for [project name] — [discuss/execute] mode. This will take a few minutes…"

Then run with the exec tool:

"$SKILL_DIR/scripts/launch.sh" "\x3Cproject_path>" "\x3Cmode>" "\x3Cprompt>"

project_path: absolute path — the script creates the directory and runs git init automatically
mode: discuss / execute / continue / background
prompt: the structured instruction built in Step 3. If the prompt contains double quotes, escape them as \" or wrap in single quotes.

⚠️ Never pass a 4th argument. The session key is always auto-detected by launch.sh. Passing it manually risks arg-parse corruption: when the prompt contains newlines or special characters, the shell may miscount positional arguments and assign prompt content to $4, sending results to the wrong channel.

background mode: the script returns immediately; Claude runs in the background. Tell the user: "🚀 Claude Code is running in the background. You'll be notified automatically when it's done."

Step 5: Deliver the result

The exec result already contains a structured summary written by Claude (extracted from the ---CHAT_SUMMARY--- block). The full output is in the log file.

The exec call may have taken several minutes and the channel connection may be stale. Always use the message tool explicitly to guarantee delivery — do not rely on turn-response auto-routing.

Chunked delivery (required — do not send in one message)

Split the summary into chunks and send each as a separate message call. Rules:

First message: one-line confirmation only → "✅ Claude Code finished · [project name]"
Body chunks: split the summary by section headings (##, ###) or at natural paragraph breaks — whichever comes first. Each chunk must be ≤ 500 characters. If a single paragraph exceeds 500 characters, break it at the nearest sentence boundary.
Last message: footer line only →
- discuss mode: omit the footer — do not add any fixed closing line; let the summary speak for itself and ask a natural follow-up question if appropriate
- execute mode: "Please verify the result in your project directory."
- on timeout: "⏰ Task timed out (>30 min) — please split it into smaller subtasks and retry."

Do not rewrite or expand the summary — Claude already wrote it concisely. Send each chunk verbatim.

Example (summary has 3 sections):

message("✅ Claude Code finished · myapp")
message("## What was done\
Added JWT middleware to …")
message("## Files changed\
- src/auth.ts\
- src/routes …")
message("## Next steps\
Run `npm test` to verify …")
message("Please verify the result in your project directory.")

Examples

User: I want to build a video transcription tool but I'm not sure which tech stack to use
→ discuss mode → confirm directory ~/Projects/video-transcriber
→ Claude analyses options

User: OK, let's go with Whisper + FastAPI — start building
→ execute mode (discuss→execute, carries over context via --resume)
→ Claude implements directly based on the discussion, no need to re-explain

User: Add JWT authentication to ~/Projects/myapp
→ execute mode, path is explicit

User: Continue
→ registry has two projects → list them and ask the user to choose

Usage Guidance

This skill is functionally coherent but asks you to grant non-trivial runtime privileges — review before enabling. Specific actions to consider: - Inspect the shipped scripts (you have them) and confirm you trust their behavior. They are the code that will run. - Review and limit openclaw.json changes. The skill asks you to allow the gateway 'message' tool and broaden sessions visibility; consider whether you can grant a narrower permission or only enable while testing. - Understand that notifier/heartbeat will read gateway/auth tokens and may call the gateway or the Discord API directly. Those tokens permit tool invocation and message injection — store/revoke them carefully. - Be cautious about running in background mode: the notifier and heartbeat persist and can send messages outside the AI turn. If you prefer interactive permission prompts, run Claude manually rather than using this skill (SKILL.md explicitly suggests this). - Test in a safe project directory (no secrets or production data) first. Confirm that logs and session files are written only under the project and skill directories as claimed, and that no unexpected network destinations are contacted. - If you have low trust in the claude CLI or the system-wide gateway config, avoid enabling the required gateway changes. Consider running the orchestration locally yourself (manually invoking launch.sh) until you are comfortable. If you want, I can summarize a short checklist of the exact openclaw.json keys to change and how to revert them safely after testing.

Capability Analysis

Type: OpenClaw Skill Name: claw2claude Version: 1.2.0 The skill orchestrates the 'Claude Code' CLI, requiring high-risk capabilities such as the use of '--dangerously-skip-permissions' to bypass interactive prompts and reading sensitive files in '~/.openclaw/credentials/' for JWT health checks (scripts/check_token.py). It utilizes background processes (scripts/notifier.py and scripts/heartbeat.py) to deliver results, which requires the user to manually weaken OpenClaw gateway security by allowing the 'message' tool and global session visibility in 'openclaw.json'. While these behaviors are documented as necessary for its function as a cross-runtime bridge, the combination of credential access, background execution, and reduced security boundaries represents a significant risk profile.

Capability Assessment

✓ Purpose & Capability

Name/description (delegate to local Claude CLI) matches required binaries (claude, python3), the scripts, and the files the skill reads/writes. Reading sessions.json to auto-detect the user's channel and writing a project session file / logs are coherent with the stated purpose. Reading ~/.openclaw/credentials/ for JWT expiry checks is explained in SKILL.md and consistent with connection health checks.

ℹ Instruction Scope

Runtime instructions and scripts stay inside the claimed scope (launch Claude, parse its stream, notify user). However notifier.py and heartbeat.py read openclaw.json for gateway auth and may call the OpenClaw gateway /tools/invoke endpoint or the Discord API directly. Those outbound calls (and the structured summary Claude is forced to emit) mean data produced by Claude — including anything read from the project directory or surfaced by Claude's reasoning — will be transmitted to the user's channel and potentially to external APIs. This is expected for delivery but increases the sensitivity of what gets forwarded automatically.

✓ Install Mechanism

Instruction-only skill with bundled scripts; no network install from untrusted URLs. Scripts are provided in the skill and no external download occurs at install time. This is lower risk than a remote code install, but shipped scripts will run on your machine — inspect them (you have them) before use.

⚠ Credentials

The skill declares no required environment variables, but it reads ~/.openclaw/openclaw.json (to obtain gateway port/auth and possibly platform tokens) and ~/.openclaw/credentials/ (for JWT expiry) at runtime. Using the gateway token or channel tokens (e.g., Discord) to send messages is necessary for the notifier/heartbeat functionality, but those tokens are powerful: a process with them can invoke gateway tools and inject messages into sessions. The SKILL.md asks you to modify openclaw.json to allow the 'message' tool and broaden session visibility — this increases what external processes can do. Those privileges are coherent with the feature, but they are sensitive and deserve careful review.

⚠ Persistence & Privilege

The skill runs detached background processes (notifier.py, heartbeat.py) which are designed to outlive the initiating turn and call gateway tools from outside an AI turn. While 'always' is false and the skill is user-invocable, the required manual config changes (gateway.tools.allow includes 'message' and tools.sessions.visibility set to 'all') grant out-of-turn message-sending and cross-session visibility — materially increasing attack surface and privilege for any background process that can read openclaw.json. The skill also launches Claude with --dangerously-skip-permissions for non-interactive operation; this is explained but removes interactive permission prompts for Claude sessions.

Version History

v1.2.0

**Summary:** This version adds full documentation of all system accesses, config requirements, and background processes to the skill's metadata for greater security transparency. - Expanded metadata to detail all files read/written, background processes, and required gateway/tool permissions. - Added a new "Security & Transparency" section explaining every file, process, and permission the skill uses. - Now documents the use of `--dangerously-skip-permissions`, directory access boundaries, and rationale. - Lists required user-side config changes for OpenClaw integration, with JSON examples. - No code changes detected; all updates are to documentation and metadata for transparency and user clarity.

v1.1.2

Fix the bug that sometimes the skill cannot send the claude output back to gateway

v1.1.1

Update the metadata in SKILL.md

v1.1.0

claw2claude 1.1.0 - License updated from MIT-0 to MIT. - Fix the bug of no reply from claude. - Upate the readme

v1.0.0

- Initial release of claw2claude skill. - Delegates user tasks to the local Claude Code CLI via orchestrated modes: discuss, execute, continue, and background. - Automatically activates for requests explicitly mentioning Claude, existing Claude projects, or when a stronger model is requested. - For significant or multi-step tasks, asks users whether to set up a Claude project before proceeding. - Clearly defines when to handle tasks directly versus invoking the Claude Code CLI. - Includes structured user prompts for each mode and clear communication about project path selection and launch notifications.

Metadata

Slug claw2claude

Version 1.2.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 5

Frequently Asked Questions

What is Claw2Claude?

Delegates tasks to the local Claude Code CLI. Activate immediately when the user asks for Claude, requests a stronger model, or mentions an existing project... It is an AI Agent Skill for Claude Code / OpenClaw, with 131 downloads so far.

How do I install Claw2Claude?

Run "/install claw2claude" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Claw2Claude free?

Yes, Claw2Claude is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Claw2Claude support?

Claw2Claude is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin).

Who created Claw2Claude?

It is built and maintained by 小白 (@is-xins-xiaobai); the current version is v1.2.0.

More Skills

Claw2Claude