功能描述

Delegate programming tasks to Claude Code CLI

使用说明 (SKILL.md)

Claude Code Delegate

Name: Claude Code Delegate
Author: chenhab03

Delegate programming tasks to local Claude Code CLI.

RULE: You NEVER write code directly. ALL programming goes through claude -p.

Prerequisites Check (Run Before First Use)

Before delegating any task, verify the environment is ready:

Claude Code CLI installed: Run which claude — if not found, tell user: npm install -g @anthropic-ai/claude-code
API key configured: Run claude --version — if it errors about auth, tell user to run claude and complete login
Write-guard active (STRONGLY RECOMMENDED): Check if a write-guard plugin exists at .openclaw/extensions/write-guard/. If not, warn the user:

⚠️ No write-guard detected. The delegate uses --permission-mode bypassPermissions which grants full filesystem read/write access. It is strongly recommended to set up a write-guard plugin before running tasks. See README.md for setup instructions.

Only proceed with delegation after items 1 and 2 pass. Item 3 is a warning — the user may choose to proceed without it, but should be informed of the risk.

When to Trigger

Auto-trigger on ANY of these:

Write, modify, refactor, debug code
Create project files or directories
Run tests, lint, build
Code review, architecture planning
Edit any file (except memory/ and .relationship/)

Manual trigger: user sends /code \x3Ctask>

Do NOT trigger: chat, emotional interaction, information lookup.

Command Template

cd "\x3Cproject_dir>" && claude -p "\x3Ctask_description>" --output-format text --max-turns 10 --permission-mode bypassPermissions

Parameters

Param	Purpose	Required
`-p`	Non-interactive mode	Yes
`cd "\x3Cdir>" &&`	Set working dir (no --cwd flag exists)	Yes
`--output-format text`	Plain text output	Recommended
`--max-turns 10`	Limit execution rounds	Recommended
`--permission-mode bypassPermissions`	Auto-accept file edits (requires write-guard, see Prerequisites)	Recommended
`--continue`	Resume previous session (for debugging/iteration)	When fixing bugs in same project

FORBIDDEN: --dangerously-skip-permissions

Timeout

Set exec timeout to 300 (5 minutes). The delegate needs time to write code.

Async Flow (CRITICAL)

The delegate MUST NOT block you. You must remain responsive to the user at all times.

Correct Flow

Step 1: exec claude -p "..."          → get session ID (e.g. "marine-sage")
Step 2: IMMEDIATELY reply to user     → "On it! Working on that now."
Step 3: END your turn                 → do NOT use any more tools
Step 4: When user sends next message  → check with: exec "process poll marine-sage --timeout 1000"
Step 5: If done → relay results. If not done → tell user "still working", continue chat

WRONG (causes blocking)

exec claude -p "..." → process poll → (BLOCKED! user waits with no response)

Rules

After exec claude -p, you MUST reply to user and END your turn. No more tool calls.
NEVER use process tool directly. Use exec "process poll \x3Cid> --timeout 1000" on next user message.
Only check the delegate's status when the user sends a NEW message.
You can run multiple claude -p tasks in parallel.

Task Description Rules

Clear objective: what to do, which file
Provide context: function names, error messages, expected behavior
Specify constraints: language, framework, code style
One task per call

Debugging / Iteration

When user reports bugs in code the delegate previously wrote:

Use --continue flag to resume the delegate's session context
Same project directory + --continue = the delegate remembers what it wrote
Translate user's feedback into clear bug description for the delegate

Testing / Verification (Independent Review)

After the delegate writes code, use a separate fresh session (NO --continue) to test and verify it.

Why: The author has context bias. A fresh session reads the source code independently — like an external code reviewer. This catches issues the author missed.

Flow

Step 1: claude -p "Write X in projects/X/"              → Author session (can use --continue to iterate)
Step 2: claude -p "Run and test projects/X/, report bugs" → Tester session (ALWAYS fresh, NO --continue)

Rules

Author session: writes code, can use --continue to iterate on bugs
Tester session: NEVER uses --continue — must read source fresh
Tester reports: what it ran, output, pass/fail, bugs found
If tester finds bugs → relay to user, then send fix task to author session (with --continue)

When to Auto-Test

User says "test it" or "run it" after writing → use fresh session
User says "fix the bug" after testing → use --continue on author session
User says "run hot_sectors.py" (existing program) → fresh session (no prior context needed)

Session Decision Rule

Scenario	`--continue`?
Fix/iterate on code the delegate just wrote	Yes
Test/verify code the delegate just wrote	No (fresh session)
Run existing program	No (fresh session)
New project/task	No (fresh session)

Relaying Results

The delegate does not talk to the user directly. You relay all results.

When relaying:

Summarize what was done and which files changed
Add the delegate's personality (see PERSONA.md for character template)
Add your own reaction

Keep technical summary concise. Do not copy the delegate's full output verbatim.

Error Handling

Error	Action
`command not found`	Tell user to install: `npm install -g @anthropic-ai/claude-code`
Empty output	Ask user to clarify the task
Timeout	Suggest breaking into smaller tasks
Permission error	Ask user to check file path
API error	Ask user to run `claude` to check login status

Failure Rule

If the delegate fails or times out, do NOT write code yourself.

Tell the user: "The coding task didn't finish. Want me to try again?"

Retry with longer timeout or simpler task description. Only write code yourself if user explicitly says "you do it" (not recommended).

Security Best Practices

Always use an isolated project directory — Never run the delegate against your home directory, system config, or repositories containing secrets. Use a dedicated projects/ or workplace/ directory.
Set up the write-guard plugin — This is the most important safety measure. See README.md for the full plugin code. The write-guard blocks writes to platform config files (.openclaw/, LaunchAgents/, auth profiles) at the platform level.
Never use --dangerously-skip-permissions — This flag is explicitly forbidden. --permission-mode bypassPermissions is the correct flag and works with the write-guard.
Restrict to project scope — The cd "\x3Cproject_dir>" && prefix ensures the delegate operates within the intended directory. Never omit it.
Review delegate output — Always relay results through the main agent. Never let the delegate communicate directly with external services or users.

安全使用建议

This skill appears to do what it says (delegate code work to a local Claude Code CLI) but there are red flags you should address before using it: - Clarify metadata: the skill's files expect the 'claude' CLI and an ANTHROPIC_API_KEY, but the provided top-level registry metadata listed none. Ask the author to fix the manifest so required binaries/env are declared correctly. - Run in an isolated project directory first. Do not run the delegate from your home directory or against repos containing secrets or platform config. - Install the Claude Code CLI and confirm authentication manually (claude --version and claude login) before delegating. - Implement the write-guard BEFORE using the delegate. The skill recommends a plugin that blocks writes to OpenClaw/platform config — install such a guard and test it thoroughly. If you can't or won't install the guard, do NOT use --permission-mode bypassPermissions. - Consider adding an explicit install spec or verifying the npm package origin before installing (@anthropic-ai/claude-code). Prefer official releases and check checksums if possible. If you cannot verify these points or the author does not correct the manifest inconsistency, treat the skill as risky and avoid running it on machines with sensitive files or credentials.

功能分析

Type: OpenClaw Skill Name: claude-code-delegate Version: 0.1.1 The skill delegates programming tasks to the Claude Code CLI using the `--permission-mode bypassPermissions` flag, which grants the tool full filesystem access (SKILL.md). While the README.md and SKILL.md provide extensive security warnings and a 'write-guard' mitigation strategy to protect sensitive platform paths (e.g., ~/.openclaw/), the inherent capability to bypass permissions and execute arbitrary shell commands via a CLI constitutes a high-risk behavior. No evidence of malicious intent or data exfiltration was found, but the broad permissions required for operation fall under the threshold for suspicious activity.

能力评估

ℹ Purpose & Capability

The skill's name/description match its instructions: it delegates programming tasks to a local Claude Code CLI. However, the top-level registry metadata provided to you (which showed no required binaries/env) contradicts the embedded _meta.json/README/SKILL.md that explicitly require the 'claude' CLI and an ANTHROPIC_API_KEY or logged-in 'claude' session. That mismatch is an incoherence that should be resolved before trusting the skill.

⚠ Instruction Scope

SKILL.md instructs the agent to run shell commands (cd && claude -p ...) and to use --permission-mode bypassPermissions which grants broad filesystem read/write. The skill does include strong warnings and a recommended write-guard plugin, but the write-guard is only 'strongly recommended' not enforced. The instructions also require the agent to execute background processes and to poll them later — this is operationally complex and easy to mis-use (e.g., launching tasks against sensitive directories). Overall the runtime instructions permit actions that can read/modify any file on disk if the user omits the write-guard or runs in an unsafe directory.

ℹ Install Mechanism

This is instruction-only (no install spec) which keeps disk write risk low, but the README and SKILL.md instruct users to install the Claude Code CLI via npm (npm install -g @anthropic-ai/claude-code). The absence of a formal install spec in the skill registry is an inconsistency: the agent's environment may not have the CLI and the skill relies on that external install step.

⚠ Credentials

Requesting an Anthropic/Claude API key (or a logged-in 'claude' CLI) is proportionate to the claimed purpose. The problem is inconsistent declaration: the skill files and README expect ANTHROPIC_API_KEY and the 'claude' binary, but the top-level metadata provided earlier listed none. Also the guidance to run with --permission-mode bypassPermissions effectively requires broad filesystem access for the delegate — that level of privilege is plausible for a code-writing tool but is high-risk unless protected by an enforced guard. The mismatch in declared vs actual required credentials is the main proportionality issue.

ℹ Persistence & Privilege

The skill does not request 'always: true' and is user-invocable, which is appropriate. It recommends adding a write-guard plugin that hooks into platform events (before_tool_call) — creating such a plugin modifies platform behavior, which is reasonable for enforcing safety but does require elevated configuration access. Nothing in the skill tries to persist credentials or reconfigure other skills automatically, but the recommended guard itself needs to be installed by a human operator.

版本历史

v0.1.1

Security hardening: added required binaries/env declarations, prerequisites check, write-guard verification, and security best practices.

v0.1.0

claude-code-delegate v0.1.0 – Initial Release - Enables delegation of all programming tasks to Claude Code CLI via a clear, rule-based workflow. - Never writes code directly; all code actions are executed exclusively through the `claude -p` command. - Implements structured async flow to keep user interactions responsive and non-blocking. - Distinct session handling for code writing (with `--continue`) and independent testing (fresh session, no `--continue`). - Robust error handling and clear user guidance for common failures. - Concise result relaying with both technical summaries and personality-driven summaries.

元数据

Slug claude-code-delegate

版本 0.1.1

许可证 —

累计安装 2

当前安装数 1

历史版本数 2

常见问题