← 返回 Skills 市场
yaxuan42

claude-code (Deprecated alias)

作者 Yaxuan42 · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
845
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install claude-code-legacy
功能描述
Trigger Claude Code development tasks in observable tmux sessions with stable startup, progress visibility, and completion callback to OpenClaw. Use when use...
使用说明 (SKILL.md)

Claude Code Orchestrator (tmux-first)

Use tmux-based orchestration for long coding tasks to avoid silent hangs and make progress observable.

Standard workflow

  1. Create prompt file (avoid long shell quote issues).
  2. Start a dedicated tmux session.
  3. Launch claude --dangerously-skip-permissions in interactive mode.
  4. Paste prompt into Claude.
  5. Require callback command in prompt (via wrapper): bash {baseDir}/scripts/wake.sh "..." now
  6. Share socket/session attach command with user.
  7. On completion, review diff + lint/build + risk summary.

Start command

bash {baseDir}/scripts/start-tmux-task.sh \
  --label "gallery-detail-polish" \
  --workdir "/Users/yaxuan/.openclaw/workspace/work/active/02-gallery-ops" \
  --prompt-file "/Users/yaxuan/Downloads/gallery-website-design-system.md" \
  --task "参考这个修改我当前的画廊官网,注意优先打磨细节和质感,对整体结构展示先不用大改。"

Monitor commands

# attach
bash {baseDir}/scripts/monitor-tmux-task.sh --attach --session \x3Csession>

# capture last 200 lines
bash {baseDir}/scripts/monitor-tmux-task.sh --session \x3Csession> --lines 200

Task overview

List all running cc-* tasks at a glance — useful for "butler-style" summaries.

# Human-readable one-liner per task
bash {baseDir}/scripts/list-tasks.sh

# Structured JSON array (pipe to jq, feed to OpenClaw, etc.)
bash {baseDir}/scripts/list-tasks.sh --json | jq .

Options:

  • --lines \x3Cn> — number of trailing pane lines to capture per task (default 20).
  • --socket \x3Cpath> — tmux socket path (default $TMPDIR/clawdbot-tmux-sockets/clawdbot.sock).
  • --json — emit JSON array instead of human table.
  • --target ssh --ssh-host \x3Calias> — list sessions on a remote host.

Each entry contains: label, session, status, sessionAlive, reportExists, reportJsonPath, lastLines, updatedAt.

Combine with OpenClaw to generate a periodic butler summary:

# In an OpenClaw prompt / cron:
bash {baseDir}/scripts/list-tasks.sh --json | \
  openclaw gateway call summarize-tasks --stdin

Rules

  • Prefer interactive Claude in tmux for visibility (not long claude -p one-shot for large tasks).
  • Always include callback via wrapper bash {baseDir}/scripts/wake.sh "..." now in prompt.
  • Startup script now uses robust submit (ready-check + multi-Enter retry + execution-state detection) to avoid "prompt pasted but not submitted".
  • If no pane output for >2-3 min, inspect and restart session.
  • Kill stale Claude processes before restart.
  • Always return: session name + attach command + current status.

Status check (zero-token)

If wake not received within expected time, check task status before consuming tokens:

bash {baseDir}/scripts/status-tmux-task.sh --label \x3Clabel>

Output: STATUS=running|likely_done|stuck|idle|dead|done_session_ended

  • likely_done / done_session_ended → proceed to completion loop
  • running → wait
  • stuck → inspect (attach or capture-pane)
  • dead → session lost, run complete-tmux-task.sh fallback
  • idle → Claude may be waiting for input, inspect

Completion loop (mandatory)

When wake event "Claude Code done (...)" arrives, complete this loop immediately:

  1. Acknowledge user within 60s: "已收到完成信号,正在评估改动".
  2. Preferred path: read completion report generated by Claude Code task:
    • /tmp/cc-\x3Clabel>-completion-report.json
  3. If report missing, run local fallback immediately:
    • bash {baseDir}/scripts/complete-tmux-task.sh --label \x3Clabel> --workdir \x3Cworkdir>
  4. Mandatory deep-read: read full JSON/MD report before replying.
  5. Read context before replying:
    • Read completion report file(s) (/tmp/cc-\x3Clabel>-completion-report.json/.md)
    • Read recent tmux transcript (monitor script) to capture what Claude actually did/failed/tried
    • Incorporate the latest user constraints from current chat
  6. Then provide assistant analysis (not a fixed template):
    • what was actually completed
    • what is reliable vs uncertain
    • key risks/tradeoffs in the user's context
    • concrete next-step options
  7. Ask explicit decision from user if scope drift exists.

Do not stop at wake-only notification. Wake is trigger, not final delivery.

Anti-pattern to avoid

  • Forbidden: one-line fixed reply after wake without reading transcript + report.
  • Forbidden: only relaying "done + report path" without analysis in user context.
  • Forbidden: rigid templated output that ignores current conversation context.

Hard guardrails added

  • Prompt now enforces “no wake without report”:
    • task must write /tmp/cc-\x3Clabel>-completion-report.json + .md
    • final wake must include report=\x3Cjson_path>
  • Recovery command exists for deterministic fallback:
    • scripts/complete-tmux-task.sh reproduces evidence and emits structured report
  • Delivery SLA remains mandatory:
    • wake received -> ack \x3C= 60s -> report
安全使用建议
This package is a tmux-based orchestrator and the scripts do implement that, but three practical concerns before installing/running it: 1) Metadata omission — the package does not declare required binaries but the scripts require tmux, the 'claude' CLI (run with --dangerously-skip-permissions), rg, python3, git, jq, ssh/scp and the OpenClaw CLI. Ensure you have and trust these binaries. 2) Data flow — the workflow captures tmux transcripts, workspace diffs, and writes JSON/MD reports in /tmp and uses the OpenClaw CLI to send wake callbacks; if you use the example 'openclaw gateway call summarize-tasks' you will be sending transcripts/reports to OpenClaw. Review whether that is acceptable for your data. 3) Proxy & network routing — start script force-sets https/http/all_proxy to localhost:6152/6153 for the claude process; confirm you control any local proxy to avoid unexpected network routing. Recommended actions: manually review the scripts (especially start-tmux-task.sh, wake.sh, and any remote scp/ssh targets), run scripts/bootstrap.sh --dry-run to check for missing tools, avoid running as root, and only run against projects/hosts you trust. If the maintainer can update the registry metadata to list required binaries/CLIs and document the proxy behavior, that would reduce risk and increase confidence.
功能分析
Type: OpenClaw Skill Name: claude-code-legacy Version: 0.1.0 The skill bundle is highly suspicious due to multiple critical vulnerabilities that could lead to arbitrary code execution and data exfiltration. The `scripts/start-tmux-task.sh` script directly embeds user-controlled arguments (`--task`, `--lint-cmd`, `--build-cmd`) into the prompt given to the Claude AI, creating a severe prompt injection vulnerability against Claude. Additionally, `scripts/complete-tmux-task.sh` directly executes the `--lint-cmd` and `--build-cmd` arguments without sanitization, posing a shell injection risk. Several scripts (`list-tasks.sh`, `monitor-tmux-task.sh`, `status-tmux-task.sh`, `start-tmux-task.sh`) construct SSH commands using an unsanitized `$SSH_HOST` variable, leading to potential SSH command injection. The use of `claude --dangerously-skip-permissions` further escalates the impact of these vulnerabilities. While no explicit malicious intent (e.g., hardcoded exfiltration to an attacker's domain) is present, these flaws allow an attacker controlling input to achieve malicious objectives.
能力评估
Purpose & Capability
The SKILL.md describes orchestrating Claude Code in tmux and the included scripts implement that. However the registry metadata claims no required binaries or credentials while the scripts explicitly require/expect many tools (tmux, claude, rg, python3, git, jq, ssh/scp, openclaw CLI). That mismatch (metadata says 'none' but the code needs many tools) is incoherent and should be clarified.
Instruction Scope
Runtime instructions and scripts legitimately read workspace files, run git status/diff, capture tmux panes, and require reading/writing completion reports under /tmp — all consistent with delivering an observable task. Notable runtime behaviors: they run 'claude --dangerously-skip-permissions', set https_proxy/http_proxy/all_proxy to localhost for the launched claude process, and call the OpenClaw CLI (openclaw gateway call wake / openclaw gateway wake) to deliver wake callbacks. These behaviors mean transcripts/reports and possibly pasted prompt contents can be transmitted outwards (to the OpenClaw gateway or via whatever proxy is listening).
Install Mechanism
There is no external install spec (no network download/install), which lowers install-time risk. However the skill includes executable scripts that will run on the host when invoked; users should treat these as code they must review. The package does not attempt to fetch archives from unknown URLs.
Credentials
The skill declares no required env vars/credentials but the scripts implicitly depend on the OpenClaw CLI, the 'claude' binary, and SSH access to remote hosts (scp/ssh to MINI_HOST/SSH_HOST). The start script also forces export of proxy env vars (127.0.0.1:6152/6153) for the claude process, which can redirect network traffic through a local proxy — a potential exfiltration vector if a proxy is present. Asking for SSH/scp access and invoking external CLIs is plausible for this purpose but the lack of explicit declarations in metadata is disproportionate and increases risk if users assume no external access is needed.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or global agent configuration. It writes small state files into its own state/ directory and writes completion reports into /tmp; these are expected for the stated workflow. It will rely on any existing SSH keys/agent for remote operations but does not escalate privileges itself.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install claude-code-legacy
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /claude-code-legacy 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Deprecated alias pointing to claude-code-orchestrator
元数据
Slug claude-code-legacy
版本 0.1.0
许可证
累计安装 1
当前安装数 1
历史版本数 1
常见问题

claude-code (Deprecated alias) 是什么?

Trigger Claude Code development tasks in observable tmux sessions with stable startup, progress visibility, and completion callback to OpenClaw. Use when use... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 845 次。

如何安装 claude-code (Deprecated alias)?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install claude-code-legacy」即可一键安装,无需额外配置。

claude-code (Deprecated alias) 是免费的吗?

是的,claude-code (Deprecated alias) 完全免费(开源免费),可自由下载、安装和使用。

claude-code (Deprecated alias) 支持哪些平台?

claude-code (Deprecated alias) 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 claude-code (Deprecated alias)?

由 Yaxuan42(@yaxuan42)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论