← Back to Skills Marketplace
443
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-copilot-cli
Description
Run GitHub Copilot CLI via exec to generate code, edit files, or automate shell tasks using advanced AI models like Claude or GPT-5.
Usage Guidance
This skill is coherent with its stated purpose (wrapping the GitHub Copilot CLI) but it instructs you to run Copilot with flags and modes that can access and transmit local files and session data. Before installing/use: 1) Only install the copilot binary from official sources (npm/@github or Homebrew). 2) Avoid using --allow-all / --yolo unless you understand and accept that Copilot may access local files, URLs, and system tools. 3) Be cautious about AGENTS.md auto-loading and session outputs (session.md, ~/.copilot/logs) — these can contain workspace content; review them and store them securely. 4) Consider running Copilot in a sandbox/container or a copy of the workspace with sensitive data removed. 5) If you enable autonomous agent invocation, restrict when and how this skill can be called (or require explicit user confirmation) because the combination of autonomous calls + broad flags increases exposure risk. If you want, I can suggest safer invocation flags and a minimal test workflow to verify behavior in a controlled environment.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-copilot-cli
Version: 1.0.0
The SKILL.md explicitly instructs the OpenClaw agent to execute the `copilot` CLI with the highly permissive `--allow-all` (or `--yolo`) flag. This flag grants the `copilot` CLI, and by extension the agent, broad capabilities including arbitrary file system access, network requests, and shell command execution. This creates a significant remote code execution (RCE) and data exfiltration risk, as a malicious prompt could exploit these permissions to compromise the host system. While not directly malicious code, this configuration introduces a severe vulnerability.
Capability Assessment
Purpose & Capability
Name/description match the instructions: the SKILL.md only documents invoking the GitHub Copilot CLI, installing via npm/brew, and authenticating via GitHub. There are no unrelated required env vars, binaries, or config paths declared.
Instruction Scope
The instructions explicitly recommend flags and modes that grant the Copilot process broad access (e.g., --allow-all / --yolo), run it interactively via PTY and use process send-keys, and reference auto-loading of AGENTS.md and logs at ~/.copilot/logs. Those steps can cause the CLI to read local files, session state, or upload workspace content to external services — behavior beyond merely generating text and therefore a potential data-exfiltration/privacy risk.
Install Mechanism
No install spec baked into the skill (instruction-only). The README-style instructions point to npm or Homebrew official installs for @github/copilot, which are standard installation routes and not itself suspicious.
Credentials
The skill declares no required env vars or credentials, which is proportionate. However, runtime use requires a GitHub login/Copilot subscription (interactive OAuth/token storage), and the recommended flags may cause local files or credentials to be accessed or transmitted by the Copilot service. The SKILL.md does not request unrelated credentials, but it implicitly relies on GitHub auth and local stored tokens.
Persistence & Privilege
always:false and no requests to modify other skills — that's appropriate. But allow-list flags and interactive automation combined with the platform-default ability for agents to invoke skills autonomously increase potential blast radius if the agent is permitted to call this skill without human oversight.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-copilot-cli - After installation, invoke the skill by name or use
/openclaw-copilot-cli - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
v1.0: Copilot CLI integration for code gen, automation, NFT scripts. Escape-powered! 🔩
Metadata
Frequently Asked Questions
What is OpenClaw Copilot CLI Wrapper?
Run GitHub Copilot CLI via exec to generate code, edit files, or automate shell tasks using advanced AI models like Claude or GPT-5. It is an AI Agent Skill for Claude Code / OpenClaw, with 443 downloads so far.
How do I install OpenClaw Copilot CLI Wrapper?
Run "/install openclaw-copilot-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenClaw Copilot CLI Wrapper free?
Yes, OpenClaw Copilot CLI Wrapper is completely free (open-source). You can download, install and use it at no cost.
Which platforms does OpenClaw Copilot CLI Wrapper support?
OpenClaw Copilot CLI Wrapper is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenClaw Copilot CLI Wrapper?
It is built and maintained by binotaliu (@binotaliu); the current version is v1.0.0.
More Skills