← Back to Skills Marketplace
allanjeng

Codecast

by Allan Jeng · GitHub ↗ · v4.1.0
cross-platform ⚠ suspicious
1554
Downloads
0
Stars
2
Active Installs
16
Versions
Install in OpenClaw
/install codecast
Description
Stream coding agent sessions (Claude Code, Codex, Gemini CLI, etc.) to a Discord channel in real-time via webhook. Use when invoking coding agents and wantin...
README (SKILL.md)

Codecast

Live-stream coding agent sessions to Discord. Zero AI tokens burned.

Setup

First-time setup: see references/setup.md for webhook creation, unbuffer install, bot token, and smoke test.

Invocation

Launch with exec background:true. Background exec sessions survive agent turns and OpenClaw fires notifyOnExit automatically when the process ends.

exec background:true command:"{baseDir}/scripts/dev-relay.sh -w ~/projects/myapp -- claude -p --dangerously-skip-permissions --output-format stream-json --verbose 'Your task here'"

Note the session ID from the response — use it to monitor via process.

Options

Flag Description Default
-w \x3Cdir> Working directory Current dir
-t \x3Csec> Timeout 1800
-h \x3Csec> Hang threshold 120
-n \x3Cname> Agent display name Auto-detected
-r \x3Cn> Rate limit (posts/60s) 25
--thread Post into a Discord thread Off
--skip-reads Hide Read tool events Off
--review \x3Curl> PR review mode
--parallel \x3Cfile> Parallel tasks mode
--resume \x3Cdir> Replay session

For PR review, parallel tasks, Discord bridge, and Codex structured output: see references/advanced-modes.md.

Agent Launch Checklist

  1. Start background session → note session ID and PID from response
  2. Post to dev channel → announce agent name, workdir, task
  3. Write breadcrumb for completion routing: 
    echo '{"channel":"\x3Cinvoking-channel-id>","relayDir":"\x3Crelay-dir>","pid":\x3CPID>}' > /tmp/codecast-pending-\x3CPID>.json
  4. Log to daily memory → session ID, relay dir, invoking channel

The breadcrumb file tells the heartbeat precheck where to post results when the session completes. It auto-detects completion by checking if the PID is still alive.

That's it. When the process ends, OpenClaw's notifyOnExit fires a system event + heartbeat request. The heartbeat handler reads the result from the relay dir's stream.jsonl and posts to the invoking channel.

Completion Detection

OpenClaw handles this natively:

  • tools.exec.notifyOnExit: true (default) — system event + heartbeat on process exit
  • Heartbeat precheck script detects completed sessions via /tmp/dev-relay-sessions/
  • No cron watcher needed

Backup: Append this to the inner agent's prompt for an additional signal:

When completely finished, run: openclaw system event --text "Done: \x3Cbrief summary>" --mode now

Monitoring

process poll sessionId:\x3Cid>        # Check status
process log sessionId:\x3Cid>         # View recent output
process kill sessionId:\x3Cid>        # Stop session

Agent Support

Agent Output Mode Status
Claude Code stream-json Full support
Codex --json JSONL Full support
Any CLI Raw ANSI Basic support

Session Tracking

  • Active sessions: /tmp/dev-relay-sessions/\x3CPID>.json (auto-removed on end)
  • Event logs: /tmp/dev-relay.XXXXXX/stream.jsonl (7-day auto-cleanup)
  • Interactive input: process submit sessionId:\x3Cid> data:"message"

Reference Docs

  • Setup guide — first-time install, webhook, bot token
  • Advanced modes — PR review, parallel tasks, Discord bridge, Codex
  • Discord output — message formats, architecture, env vars, troubleshooting
Usage Guidance
This skill will post live agent activity (including file reads/edits, command outputs, and potentially file contents) to a Discord webhook or channel. Before installing: 1) Review all included scripts (they are shipped with the skill) and understand they can clone repos and run code (PR review mode) and can inject input into/kill agent processes. 2) Do NOT enable the suggested Claude 'bypassPermissions' setting or use --dangerously-skip-permissions unless you fully understand the security impact — it disables model-level protections. 3) Treat any bot token or webhook as sensitive: prefer one-way webhook posting (no BOT token) if you only need relay output; restrict allowed Discord users and channels when using the bridge. 4) Run the skill in a sandbox/container or isolated account, and avoid mounting host secrets into the working directories. 5) If you plan to use PR review or parallel modes, ensure gh/git access is limited and consider running those features on a throwaway runner. 6) The registry metadata omitted several env/credential requirements — expect to supply CODECAST_BOT_TOKEN / .bot-token, a webhook URL file, and gh CLI credentials; only proceed if you accept that scope and have audited the scripts.
Capability Analysis
Type: OpenClaw Skill Name: codecast Version: 4.1.0 The skill is classified as suspicious primarily due to a critical shell injection vulnerability found in `scripts/parallel-tasks.sh` and `scripts/review-pr.sh`. Both scripts use `eval` to construct and execute `dev-relay.sh` commands, where arguments like `WORKDIR`, `TASK_DIR`, `TASK_PROMPT`, and `CUSTOM_PROMPT` are derived from user-controlled input (e.g., `tasks.txt` or CLI flags). If these inputs contain shell metacharacters, they could lead to arbitrary command execution (RCE) on the host system. While the skill's stated purpose is benign (streaming agent sessions to Discord), this vulnerability allows for unauthorized execution. Additionally, the skill handles sensitive Discord bot tokens (from environment, macOS Keychain, or files like `.bot-token`), and `scripts/discord-bridge.py` allows external Discord users to send arbitrary input to agent sessions, which, while documented, represents a powerful capability that could be misused.
Capability Assessment
Purpose & Capability
The name/description (stream coding sessions to Discord) matches the shipped scripts, but the skill requires additional runtime capabilities not declared in the registry metadata: Discord bot token usage, webhook storage, GH/gh CLI access (for PR review), and macOS keychain access are referenced in docs/scripts but not listed as required env vars. PR review mode clones repos and runs arbitrary code — coherent with a review feature but raises extra privileges that a user should expect to be explicitly requested.
Instruction Scope
Runtime instructions and scripts go beyond just relaying stdout: they advise creating ~/.claude/settings.json to 'bypassPermissions' and use --dangerously-skip-permissions (disabling agent permission checks), clone remote repos and run agents against them, read and post file contents to Discord (potentially leaking secrets), write session breadcrumbs in /tmp, and create/consume named pipes or /proc/<pid>/fd/0 to forward input. These steps can enable exfiltration and remote-driven command execution and are not limited to benign streaming.
Install Mechanism
There is no install spec (instruction-only), and all code is included in the bundle (shell + Python). That lowers remote-install risk, but some runtime dependencies are implied (python3, unbuffer, curl, gh, websocket-client) yet not centrally declared. No external download URLs are used, which is good; however missing dependency declarations mean operators might run the skill without realizing required packages and capabilities.
Credentials
Registry metadata lists no required env vars, but SKILL.md and scripts expect/optionally use several secrets and env vars: WEBHOOK_URL/.webhook-url, CODECAST_BOT_TOKEN (or .bot-token), BRIDGE_CHANNEL_ID, BRIDGE_ALLOWED_USERS, CODECAST_RATE_LIMIT, and optional keychain access. The skill also relies on gh CLI authentication for PR review mode. Secrets and credential access are not declared up-front, which is disproportionate to a simple 'stream to Discord' description and hides the credential blast radius.
Persistence & Privilege
always:false (no forced persistence) and user-invocable:false are appropriate. The skill does create /tmp/dev-relay-sessions entries, writes stream.jsonl and breadcrumb files, and the bridge can send signals (os.kill) and write to /proc/<pid>/fd/0 or a named pipe to inject stdin into other processes. Those are powerful runtime privileges (process control and inter-process I/O) — coherent with an interactive relay but worth caution. No evidence the skill modifies other skills or global agent configs beyond its own files.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install codecast
  3. After installation, invoke the skill by name or use /codecast
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v4.1.0
Breadcrumb-based completion routing
v4.0.0
Native exec background replaces nohup/cron watcher. Simpler, more reliable.
v3.2.0
Version 3.2.0 - Restructured documentation for clarity; split setup and advanced features into dedicated reference files. - Added new reference docs: setup guide, advanced modes (PR review, parallel tasks, Discord output), and Discord message formats. - Removed CHANGELOG.md; all changelogs are now maintained externally. - SKILL.md now includes a concise setup summary and links to detailed guides, with a streamlined invocation section and essential operational checklist.
v3.1.0
- Added new script: scripts/codecast-watch.sh. - Updated documentation in SKILL.md. - No changes to user-facing features or interface.
v3.0.2
- Minor update to scripts/dev-relay.sh. - No user-facing changes or feature updates. - Internal adjustments or maintenance only.
v3.0.1
- Minor update to `scripts/dev-relay.sh`. - No user-facing feature or documentation changes.
v3.0.0
**Major update: Adds PR review mode, parallel tasks, and improved agent stream detection.** - New: PR review mode (`--review <url>`) to automatically review GitHub pull requests with an agent and stream results to Discord, with optional PR commenting. - New: Parallel tasks mode (`--parallel <file>`) to launch multiple codecast sessions concurrently from a task file. - Enhancement: `parse-stream.py` now auto-detects and parses Codex CLI structured `--json` event streams (commands, file changes, messages) for rich Discord formatting. - Added: New utility scripts for Discord bridging, parallel execution, and automated PR review. - Minor: Updated documentation and option tables to cover new features and usage examples.
v2.3.0
# codecast 2.3.0 - Added a dedicated CHANGELOG.md file for clearer tracking of updates. - Improved SKILL.md with clarified instructions on agent integration, emphasizing the use of `nohup` instead of `exec background:true` to prevent long session termination. - Added a "Prompt Template" section to encourage consistent completion detection in agent session prompts. - Updated invocation examples to showcase recommended usage and robust notification practices. - General documentation cleanup for better step-by-step guidance and visibility of advanced and agent-facing options.
v2.2.0
Critical fix: exec background:true SIGKILL'd after ~15-20s. Use nohup instead. Updated all invocation docs and examples.
v2.1.0
Hardened
v2.0.2
Fixed resume infinite loop (parser was reading+writing same stream.jsonl). Replay mode skips rate limiting with 0.5s delay between posts instead.
v2.0.1
Thread mode: fixed to use bot API for text channels (webhooks can only create forum threads). Resume: fixed empty ARGS array crash. Bot token: read from .bot-token file, graceful fallback if missing.
v2.0.0
Major update: platform abstraction (Discord implemented, Slack/Teams interface ready), smart file previews with line counts, bash output display, rate limiting (25/min), cumulative cost tracking, Discord thread mode (--thread), skip-reads filter (--skip-reads), session resume (--resume), end-of-session summary with files/commands/costs. Fixed crash on non-dict content blocks.
v1.0.2
Error handling: validate webhook URL on start, check for unbuffer, clear error messages with fix instructions for all failure modes.
v1.0.1
Improved setup docs: chmod instructions, webhook creation via API, clearer first-time setup flow.
v1.0.0
Initial release: Live-stream coding agent sessions to Discord. Supports Claude Code (stream-json parsing), Codex, Gemini CLI, and any CLI tool. Zero token burn.
Metadata
Slug codecast
Version 4.1.0
License
All-time Installs 2
Active Installs 2
Total Versions 16
Frequently Asked Questions

What is Codecast?

Stream coding agent sessions (Claude Code, Codex, Gemini CLI, etc.) to a Discord channel in real-time via webhook. Use when invoking coding agents and wantin... It is an AI Agent Skill for Claude Code / OpenClaw, with 1554 downloads so far.

How do I install Codecast?

Run "/install codecast" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Codecast free?

Yes, Codecast is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Codecast support?

Codecast is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Codecast?

It is built and maintained by Allan Jeng (@allanjeng); the current version is v4.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments