← 返回 Skills 市场
allanjeng

Codecast

作者 Allan Jeng · GitHub ↗ · v4.1.0
cross-platform ⚠ suspicious
1554
总下载
0
收藏
2
当前安装
16
版本数
在 OpenClaw 中安装
/install codecast
功能描述
Stream coding agent sessions (Claude Code, Codex, Gemini CLI, etc.) to a Discord channel in real-time via webhook. Use when invoking coding agents and wantin...
使用说明 (SKILL.md)

Codecast

Live-stream coding agent sessions to Discord. Zero AI tokens burned.

Setup

First-time setup: see references/setup.md for webhook creation, unbuffer install, bot token, and smoke test.

Invocation

Launch with exec background:true. Background exec sessions survive agent turns and OpenClaw fires notifyOnExit automatically when the process ends.

exec background:true command:"{baseDir}/scripts/dev-relay.sh -w ~/projects/myapp -- claude -p --dangerously-skip-permissions --output-format stream-json --verbose 'Your task here'"

Note the session ID from the response — use it to monitor via process.

Options

Flag Description Default
-w \x3Cdir> Working directory Current dir
-t \x3Csec> Timeout 1800
-h \x3Csec> Hang threshold 120
-n \x3Cname> Agent display name Auto-detected
-r \x3Cn> Rate limit (posts/60s) 25
--thread Post into a Discord thread Off
--skip-reads Hide Read tool events Off
--review \x3Curl> PR review mode
--parallel \x3Cfile> Parallel tasks mode
--resume \x3Cdir> Replay session

For PR review, parallel tasks, Discord bridge, and Codex structured output: see references/advanced-modes.md.

Agent Launch Checklist

  1. Start background session → note session ID and PID from response
  2. Post to dev channel → announce agent name, workdir, task
  3. Write breadcrumb for completion routing: 
    echo '{"channel":"\x3Cinvoking-channel-id>","relayDir":"\x3Crelay-dir>","pid":\x3CPID>}' > /tmp/codecast-pending-\x3CPID>.json
  4. Log to daily memory → session ID, relay dir, invoking channel

The breadcrumb file tells the heartbeat precheck where to post results when the session completes. It auto-detects completion by checking if the PID is still alive.

That's it. When the process ends, OpenClaw's notifyOnExit fires a system event + heartbeat request. The heartbeat handler reads the result from the relay dir's stream.jsonl and posts to the invoking channel.

Completion Detection

OpenClaw handles this natively:

  • tools.exec.notifyOnExit: true (default) — system event + heartbeat on process exit
  • Heartbeat precheck script detects completed sessions via /tmp/dev-relay-sessions/
  • No cron watcher needed

Backup: Append this to the inner agent's prompt for an additional signal:

When completely finished, run: openclaw system event --text "Done: \x3Cbrief summary>" --mode now

Monitoring

process poll sessionId:\x3Cid>        # Check status
process log sessionId:\x3Cid>         # View recent output
process kill sessionId:\x3Cid>        # Stop session

Agent Support

Agent Output Mode Status
Claude Code stream-json Full support
Codex --json JSONL Full support
Any CLI Raw ANSI Basic support

Session Tracking

  • Active sessions: /tmp/dev-relay-sessions/\x3CPID>.json (auto-removed on end)
  • Event logs: /tmp/dev-relay.XXXXXX/stream.jsonl (7-day auto-cleanup)
  • Interactive input: process submit sessionId:\x3Cid> data:"message"

Reference Docs

  • Setup guide — first-time install, webhook, bot token
  • Advanced modes — PR review, parallel tasks, Discord bridge, Codex
  • Discord output — message formats, architecture, env vars, troubleshooting
安全使用建议
This skill will post live agent activity (including file reads/edits, command outputs, and potentially file contents) to a Discord webhook or channel. Before installing: 1) Review all included scripts (they are shipped with the skill) and understand they can clone repos and run code (PR review mode) and can inject input into/kill agent processes. 2) Do NOT enable the suggested Claude 'bypassPermissions' setting or use --dangerously-skip-permissions unless you fully understand the security impact — it disables model-level protections. 3) Treat any bot token or webhook as sensitive: prefer one-way webhook posting (no BOT token) if you only need relay output; restrict allowed Discord users and channels when using the bridge. 4) Run the skill in a sandbox/container or isolated account, and avoid mounting host secrets into the working directories. 5) If you plan to use PR review or parallel modes, ensure gh/git access is limited and consider running those features on a throwaway runner. 6) The registry metadata omitted several env/credential requirements — expect to supply CODECAST_BOT_TOKEN / .bot-token, a webhook URL file, and gh CLI credentials; only proceed if you accept that scope and have audited the scripts.
功能分析
Type: OpenClaw Skill Name: codecast Version: 4.1.0 The skill is classified as suspicious primarily due to a critical shell injection vulnerability found in `scripts/parallel-tasks.sh` and `scripts/review-pr.sh`. Both scripts use `eval` to construct and execute `dev-relay.sh` commands, where arguments like `WORKDIR`, `TASK_DIR`, `TASK_PROMPT`, and `CUSTOM_PROMPT` are derived from user-controlled input (e.g., `tasks.txt` or CLI flags). If these inputs contain shell metacharacters, they could lead to arbitrary command execution (RCE) on the host system. While the skill's stated purpose is benign (streaming agent sessions to Discord), this vulnerability allows for unauthorized execution. Additionally, the skill handles sensitive Discord bot tokens (from environment, macOS Keychain, or files like `.bot-token`), and `scripts/discord-bridge.py` allows external Discord users to send arbitrary input to agent sessions, which, while documented, represents a powerful capability that could be misused.
能力评估
Purpose & Capability
The name/description (stream coding sessions to Discord) matches the shipped scripts, but the skill requires additional runtime capabilities not declared in the registry metadata: Discord bot token usage, webhook storage, GH/gh CLI access (for PR review), and macOS keychain access are referenced in docs/scripts but not listed as required env vars. PR review mode clones repos and runs arbitrary code — coherent with a review feature but raises extra privileges that a user should expect to be explicitly requested.
Instruction Scope
Runtime instructions and scripts go beyond just relaying stdout: they advise creating ~/.claude/settings.json to 'bypassPermissions' and use --dangerously-skip-permissions (disabling agent permission checks), clone remote repos and run agents against them, read and post file contents to Discord (potentially leaking secrets), write session breadcrumbs in /tmp, and create/consume named pipes or /proc/<pid>/fd/0 to forward input. These steps can enable exfiltration and remote-driven command execution and are not limited to benign streaming.
Install Mechanism
There is no install spec (instruction-only), and all code is included in the bundle (shell + Python). That lowers remote-install risk, but some runtime dependencies are implied (python3, unbuffer, curl, gh, websocket-client) yet not centrally declared. No external download URLs are used, which is good; however missing dependency declarations mean operators might run the skill without realizing required packages and capabilities.
Credentials
Registry metadata lists no required env vars, but SKILL.md and scripts expect/optionally use several secrets and env vars: WEBHOOK_URL/.webhook-url, CODECAST_BOT_TOKEN (or .bot-token), BRIDGE_CHANNEL_ID, BRIDGE_ALLOWED_USERS, CODECAST_RATE_LIMIT, and optional keychain access. The skill also relies on gh CLI authentication for PR review mode. Secrets and credential access are not declared up-front, which is disproportionate to a simple 'stream to Discord' description and hides the credential blast radius.
Persistence & Privilege
always:false (no forced persistence) and user-invocable:false are appropriate. The skill does create /tmp/dev-relay-sessions entries, writes stream.jsonl and breadcrumb files, and the bridge can send signals (os.kill) and write to /proc/<pid>/fd/0 or a named pipe to inject stdin into other processes. Those are powerful runtime privileges (process control and inter-process I/O) — coherent with an interactive relay but worth caution. No evidence the skill modifies other skills or global agent configs beyond its own files.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install codecast
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /codecast 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v4.1.0
Breadcrumb-based completion routing
v4.0.0
Native exec background replaces nohup/cron watcher. Simpler, more reliable.
v3.2.0
Version 3.2.0 - Restructured documentation for clarity; split setup and advanced features into dedicated reference files. - Added new reference docs: setup guide, advanced modes (PR review, parallel tasks, Discord output), and Discord message formats. - Removed CHANGELOG.md; all changelogs are now maintained externally. - SKILL.md now includes a concise setup summary and links to detailed guides, with a streamlined invocation section and essential operational checklist.
v3.1.0
- Added new script: scripts/codecast-watch.sh. - Updated documentation in SKILL.md. - No changes to user-facing features or interface.
v3.0.2
- Minor update to scripts/dev-relay.sh. - No user-facing changes or feature updates. - Internal adjustments or maintenance only.
v3.0.1
- Minor update to `scripts/dev-relay.sh`. - No user-facing feature or documentation changes.
v3.0.0
**Major update: Adds PR review mode, parallel tasks, and improved agent stream detection.** - New: PR review mode (`--review <url>`) to automatically review GitHub pull requests with an agent and stream results to Discord, with optional PR commenting. - New: Parallel tasks mode (`--parallel <file>`) to launch multiple codecast sessions concurrently from a task file. - Enhancement: `parse-stream.py` now auto-detects and parses Codex CLI structured `--json` event streams (commands, file changes, messages) for rich Discord formatting. - Added: New utility scripts for Discord bridging, parallel execution, and automated PR review. - Minor: Updated documentation and option tables to cover new features and usage examples.
v2.3.0
# codecast 2.3.0 - Added a dedicated CHANGELOG.md file for clearer tracking of updates. - Improved SKILL.md with clarified instructions on agent integration, emphasizing the use of `nohup` instead of `exec background:true` to prevent long session termination. - Added a "Prompt Template" section to encourage consistent completion detection in agent session prompts. - Updated invocation examples to showcase recommended usage and robust notification practices. - General documentation cleanup for better step-by-step guidance and visibility of advanced and agent-facing options.
v2.2.0
Critical fix: exec background:true SIGKILL'd after ~15-20s. Use nohup instead. Updated all invocation docs and examples.
v2.1.0
Hardened
v2.0.2
Fixed resume infinite loop (parser was reading+writing same stream.jsonl). Replay mode skips rate limiting with 0.5s delay between posts instead.
v2.0.1
Thread mode: fixed to use bot API for text channels (webhooks can only create forum threads). Resume: fixed empty ARGS array crash. Bot token: read from .bot-token file, graceful fallback if missing.
v2.0.0
Major update: platform abstraction (Discord implemented, Slack/Teams interface ready), smart file previews with line counts, bash output display, rate limiting (25/min), cumulative cost tracking, Discord thread mode (--thread), skip-reads filter (--skip-reads), session resume (--resume), end-of-session summary with files/commands/costs. Fixed crash on non-dict content blocks.
v1.0.2
Error handling: validate webhook URL on start, check for unbuffer, clear error messages with fix instructions for all failure modes.
v1.0.1
Improved setup docs: chmod instructions, webhook creation via API, clearer first-time setup flow.
v1.0.0
Initial release: Live-stream coding agent sessions to Discord. Supports Claude Code (stream-json parsing), Codex, Gemini CLI, and any CLI tool. Zero token burn.
元数据
Slug codecast
版本 4.1.0
许可证
累计安装 2
当前安装数 2
历史版本数 16
常见问题

Codecast 是什么?

Stream coding agent sessions (Claude Code, Codex, Gemini CLI, etc.) to a Discord channel in real-time via webhook. Use when invoking coding agents and wantin... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1554 次。

如何安装 Codecast?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install codecast」即可一键安装,无需额外配置。

Codecast 是免费的吗?

是的,Codecast 完全免费(开源免费),可自由下载、安装和使用。

Codecast 支持哪些平台?

Codecast 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Codecast?

由 Allan Jeng(@allanjeng)开发并维护,当前版本 v4.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论