← Back to Skills Marketplace
OpenClaw Coding Agent Workflows
by
Daniel Sinewe
· GitHub ↗
· v1.0.0
· MIT-0
111
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-coding-agent-workflows
Description
Delegate coding tasks to Codex, Claude Code, Pi, or OpenCode from bash with safe launch modes, background monitoring, and repo-isolated review workflows.
Usage Guidance
This skill is coherent with its goal of orchestrating other coding agents, but there are actionable concerns you should consider before using it:
- Missing local dependencies: Examples call git, gh, mktemp, and bash behaviors not declared in the metadata. Ensure those CLIs exist and are the versions you expect.
- Permission bypass: The advice to run Claude Code with '--permission-mode bypassPermissions' effectively disables safety controls. Avoid that flag unless you fully trust the agent binary and isolate its execution environment.
- Full-auto + PTY risk: Running agent binaries with PTY:true and --full-auto lets the remote agent execute arbitrary commands inside your repository. Use temp clones or worktrees (as the guide suggests), scan outputs, and never run this on sensitive repos or your real OpenClaw config (~/.openclaw).
- Credential handling: The skill does not request credentials, but the agent CLIs likely need API keys or gh auth. Verify where those credentials are stored and limit their scope (least privilege). Prefer ephemeral tokens and sandboxed environments.
- Audit and gating: Add review gates (manual approval before merges), run tests in sandboxed CI, and consider restricting network or filesystem access for agent runs.
Given the permission-bypass recommendation and the omission of other required tools, treat this skill as high-risk and only run it in isolated, disposable environments until you validate its behavior and configuration.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-coding-agent-workflows
Version: 1.0.0
The skill facilitates the orchestration of external coding agents (Codex, Claude Code, etc.) using high-risk execution patterns, including interactive PTY sessions and the '--permission-mode bypassPermissions' flag in SKILL.md. While these capabilities are plausibly needed for the stated purpose of autonomous coding and the documentation suggests safety practices like using temporary directories for PR reviews, the instructions grant broad, unmonitored shell access to sub-agents, which is a high-risk behavior.
Capability Assessment
Purpose & Capability
The name/description claim to delegate coding agents, and the skill only requires at least one agent binary (claude, codex, opencode, pi), which aligns with the purpose. However, the runtime instructions routinely call other local tools (git, gh, mktemp, bash) and rely on CLI semantics (process action:*, openclaw system event) that are not declared in the metadata. The omission of utilities like git/gh and reliance on unrestricted cloning/execution is an inconsistency (not necessarily malicious) that the user should be aware of.
Instruction Scope
SKILL.md instructs the agent to run external coding agents in PTY/full-auto modes and to clone and execute inside repositories. It explicitly recommends Claude Code use '--permission-mode bypassPermissions' (which appears to circumvent permission constraints). The instructions permit launching long-running background sessions and submitting interactive responses — all of which can execute arbitrary code inside local checkouts. While these actions are within the claimed purpose, the permission-bypass recommendation and the lack of explicit safety checks or audit/verification steps are significant scope concerns.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by installation. That is the lowest install risk.
Credentials
No environment variables or credentials are requested by the skill metadata, which is proportionate. That said, example workflows expect tools that may themselves require credentials (e.g., gh, codex/claude API keys) but the skill does not declare or explain how to supply or protect those. The explicit encouragement to use '--permission-mode bypassPermissions' for Claude Code is disproportionate for a skill that doesn't otherwise request elevated access — it suggests bypassing protections outside the skill's declared scope.
Persistence & Privilege
always:false and no install-time persistence are set. The skill can be invoked autonomously per platform defaults, which is expected. It does not request to modify other skills or agent-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-coding-agent-workflows - After installation, invoke the skill by name or use
/openclaw-coding-agent-workflows - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: OpenClaw coding-agent orchestration workflow with execution matrix, background session control, and repo-safe review patterns.
Metadata
Frequently Asked Questions
What is OpenClaw Coding Agent Workflows?
Delegate coding tasks to Codex, Claude Code, Pi, or OpenCode from bash with safe launch modes, background monitoring, and repo-isolated review workflows. It is an AI Agent Skill for Claude Code / OpenClaw, with 111 downloads so far.
How do I install OpenClaw Coding Agent Workflows?
Run "/install openclaw-coding-agent-workflows" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenClaw Coding Agent Workflows free?
Yes, OpenClaw Coding Agent Workflows is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does OpenClaw Coding Agent Workflows support?
OpenClaw Coding Agent Workflows is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenClaw Coding Agent Workflows?
It is built and maintained by Daniel Sinewe (@danielsinewe); the current version is v1.0.0.
More Skills