← 返回 Skills 市场
Step 3: Handling a
346
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install coding-cli-management
功能描述
Manage and execute AI coding CLI tools on behalf of Workers by running their coding prompts in the Worker’s workspace and returning results.
使用说明 (SKILL.md)
Coding CLI Management
This skill enables the Manager to execute AI coding CLI tools (claude/gemini/qodercli) on behalf of Workers. Workers generate precise prompts; the Manager runs the CLI in the Worker's workspace and returns the result.
Config File
Path: ~/coding-cli-config.json
{
"enabled": true,
"cli": "claude",
"confirmed_at": "2026-02-23T10:00:00Z"
}
enabled |
cli |
Meaning |
|---|---|---|
false |
any | Admin declined; use normal task flow |
true |
"claude" / "gemini" / "qodercli" |
Active — use this CLI |
Step 1: First-Time Detection (before assigning a coding task)
Run when ~/coding-cli-config.json does not exist:
bash /opt/hiclaw/agent/skills/coding-cli-management/scripts/detect-available-cli.sh
If no CLIs are available (available array is empty):
echo '{"enabled":false,"cli":null,"confirmed_at":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'"}' \
> ~/coding-cli-config.json
Proceed with normal task assignment (Worker codes on their own).
If CLIs are available, ask the admin via the primary channel or Matrix DM — in the language the admin used:
I found the following AI coding CLI tools available: [list]. Would you like to enable CLI delegation mode? Workers will generate coding prompts, and I'll use the CLI tool to make the code changes. Reply with the tool name (claude/gemini/qodercli) to enable, or 'no' to have workers code on their own.
On admin reply:
- Tool name (
claude/gemini/qodercli):echo '{"enabled":true,"cli":"\x3Cchosen-tool>","confirmed_at":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'"}' \ > ~/coding-cli-config.json "no"or decline:echo '{"enabled":false,"cli":null,"confirmed_at":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'"}' \ > ~/coding-cli-config.json
Step 2: Assigning a Coding Task (CLI mode enabled)
When coding-cli-config.json has enabled: true:
-
Ensure the Worker has the
coding-cliskill. Checkworkers-registry.json:cat ~/hiclaw-fs/agents/manager/workers-registry.json | jq '.workers[] | select(.name=="\x3Cworker>") | .skills'If
coding-cliis missing, distribute it:bash /opt/hiclaw/agent/skills/worker-management/scripts/push-worker-skills.sh \ --worker \x3Cworker-name> --skill coding-cli -
Add a "Coding CLI Mode" section to spec.md (see template below).
Step 3: Handling a coding-request: Message
When a Worker sends a message containing coding-request: (in their Worker Room or a Project Room):
Parse the message:
task-{task-id} coding-request:
workspace: ~/hiclaw-fs/shared/tasks/{task-id}/workspace
---PROMPT---
{prompt content}
---END---
Execute:
# 1. Sync workspace from MinIO
task_id="task-YYYYMMDD-HHMMSS"
workspace="/root/hiclaw-fs/shared/tasks/${task_id}/workspace"
mc mirror "hiclaw/hiclaw-storage/shared/tasks/${task_id}/" "/root/hiclaw-fs/shared/tasks/${task_id}/"
# 2. Check for processing marker (task coordination)
bash /opt/hiclaw/agent/skills/task-coordination/scripts/check-processing-marker.sh "$task_id"
if [ $? -ne 0 ]; then
# Another process is working on this task
echo "Task ${task_id} is being processed by another operation. Retry later."
exit 1
fi
# 3. Create processing marker
bash /opt/hiclaw/agent/skills/task-coordination/scripts/create-processing-marker.sh "$task_id" "manager" 15
# 4. Save prompt to file
timestamp=$(date +%Y%m%d-%H%M%S)
prompt_dir="/root/hiclaw-fs/shared/tasks/${task_id}/coding-prompts"
mkdir -p "$prompt_dir"
prompt_file="$prompt_dir/${timestamp}.txt"
cat > "$prompt_file" \x3C\x3C 'PROMPT_EOF'
{extracted prompt content}
PROMPT_EOF
# 5. Get configured CLI
cli=$(jq -r '.cli' ~/coding-cli-config.json)
# 6. Run CLI
bash /opt/hiclaw/agent/skills/coding-cli-management/scripts/run-coding-cli.sh \
--cli "$cli" \
--workspace "$workspace" \
--prompt-file "$prompt_file" \
--timeout 600
exit_code=$?
# 7. Remove processing marker
bash /opt/hiclaw/agent/skills/task-coordination/scripts/remove-processing-marker.sh "$task_id"
# 8. On success (exit 0): push changes to MinIO
if [ "$exit_code" -eq 0 ]; then
mc mirror "/root/hiclaw-fs/shared/tasks/${task_id}/workspace/" "hiclaw/hiclaw-storage/shared/tasks/${task_id}/workspace/" --overwrite
fi
On success — send to Worker in the same Room:
@{worker}:DOMAIN task-{task-id} coding-result:
CLI 工具已完成编码。请同步工作目录并 review 变更:
bash /opt/hiclaw/agent/skills/file-sync/scripts/hiclaw-sync.sh
变更记录:~/hiclaw-fs/shared/tasks/{task-id}/workspace/coding-cli-logs/
On failure (exit ≠ 0 or timeout) — see Step 4.
Step 4: Handling Failure
Notify Worker in the task Room:
@{worker}:DOMAIN task-{task-id} coding-failed:
CLI 工具执行失败(exit code: {code})。请自行完成编码任务。
你生成的提示词已保存于:~/hiclaw-fs/shared/tasks/{task-id}/coding-prompts/
Notify Human Admin via escalate-to-admin.sh or primary channel:
Worker {worker-name} 的编码委托任务 {task-id} 中,{cli} 工具执行失败。
错误信息:{last lines from log file}
建议检查:
- ~/.{cli}/ 凭证是否有效(token 是否过期)
- /host-share/.{cli}/ 软链是否正常(ls -la /root/.{cli})
- {cli} binary 是否在容器内可用(which {cli})
Record in config (optional, for heartbeat diagnostics):
jq --arg ts "$(date -u +%Y-%m-%dT%H:%M:%SZ)" --arg tid "$task_id" \
'.last_failure = {task_id: $tid, failed_at: $ts}' \
~/coding-cli-config.json > /tmp/cfg.json && \
mv /tmp/cfg.json ~/coding-cli-config.json
Spec.md Coding CLI Mode Template
Append to the end of spec.md when CLI mode is enabled:
## Coding CLI Mode
本任务涉及代码修改。请使用 **Coding CLI 委托模式** 完成:
1. 克隆/准备代码到工作目录:`~/hiclaw-fs/shared/tasks/{task-id}/workspace/`
2. 推送到 MinIO:`mc mirror ~/hiclaw-fs/shared/tasks/{task-id}/workspace/ hiclaw/hiclaw-storage/shared/tasks/{task-id}/workspace/`
3. 根据你的理解和 `coding-cli` skill 生成编码提示词,发送给我
4. 等待我执行 CLI 工具并返回结果
5. Sync 拉取变更:`bash /opt/hiclaw/agent/skills/file-sync/scripts/hiclaw-sync.sh`
6. Review 变更并报告完成
如收到 `coding-failed:`,请自行完成编码工作。
\x3C!-- hiclaw-builtin-end -->
安全使用建议
What to consider before installing:
- This skill will run local AI coding CLIs (claude/gemini/qodercli) inside task workspaces and then push changes back to MinIO. That means it will read and modify your project files and requires working MinIO/`mc` access.
- The package metadata does not list required binaries (mc, jq, timeout, the CLI binaries) or config paths (e.g. ~/.claude). Ask the publisher to declare these explicitly before installing.
- The scripts look for and may use CLI config directories (~/.claude, ~/.gemini, ~/.qoder). If those directories contain tokens or credentials, the skill could access them. Ensure those credentials are scoped minimally or not present if you do not trust the skill.
- The run script uses flags like --dangerously-skip-permissions and --yolo (tool-specific) which indicate the CLI will run with permissive behavior; review what those flags do for each CLI and whether that is acceptable.
- Confirm the admin consent flow: SKILL.md says the Manager will message an admin to enable CLI delegation, but the mechanism is underspecified. Verify that human approval is enforced and logged.
- Mitigations: sandbox the skill (limit access to only intended workspaces), provide dedicated low-privilege CLI credentials/configs, back up repositories before enabling automatic pushes, and require human review of diffs produced by the CLI before allowing automatic pushes to production branches.
If you cannot confirm the above or cannot restrict host/config access, treat this skill with caution or request a revised version that declares dependencies and minimizes direct access to host credentials.
功能分析
Type: OpenClaw Skill
Name: coding-cli-management
Version: 1.0.0
The skill enables automated execution of AI coding CLI tools (Claude, Gemini, Qodercli) with high-risk configurations, specifically using flags like `--dangerously-skip-permissions` and `--yolo` in `scripts/run-coding-cli.sh`. While these are intended to facilitate autonomous coding, they allow AI-generated prompts from 'Worker' agents to execute arbitrary file system changes and commands on the Manager's host without human intervention. The architecture is highly vulnerable to indirect prompt injection, where a malicious or compromised worker could leverage the Manager's elevated privileges to perform unauthorized actions, though no explicit evidence of intentional malice was found.
能力评估
Purpose & Capability
The name/description match the code: the scripts detect installed coding CLIs and run them against a Worker workspace. However the skill does not declare several runtime requirements it clearly uses (mc, jq, timeout, claude/gemini/qodercli binaries) nor any config path requirements, even though it reads/writes ~/coding-cli-config.json and expects ~/.claude, ~/.gemini, ~/.qoder. This mismatch between claimed requirements and actual needs is unexpected.
Instruction Scope
SKILL.md instructs the Manager to mirror workspaces from MinIO, create processing markers, save prompts, invoke the CLIs inside the workspace, and push changes back to MinIO. It also expects the Manager to contact an admin via a primary channel for enabling CLI mode. The instructions reference many system paths and other skill scripts (/opt/hiclaw/agent/skills/...), and guidance references checking CLI credential directories (e.g. ~/.{cli}) and host-shared config. These are within the apparent purpose but broaden the agent's access surface (host config, workspaces, storage) and the admin interaction is underspecified.
Install Mechanism
Instruction-only skill with included shell scripts; no external downloads or install steps. The code files are bundled with the skill, so nothing will be fetched from arbitrary URLs at install time.
Credentials
The skill declares no required env vars or config paths, yet it expects access to home config dirs (e.g. ~/.claude, ~/.gemini, ~/.qoder), MinIO via `mc`, and other agent skill scripts. Access to CLI credential directories and the ability to mirror/push workspaces to MinIO are powerful capabilities; these should be declared and justified. The skill may therefore gain access to tokens or credentials present in those locations without the registry metadata reflecting that requirement.
Persistence & Privilege
always is false and the skill writes only its own config at ~/coding-cli-config.json. It does not request permanent platform-level privileges. It will, however, operate autonomously when invoked (normal).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install coding-cli-management - 安装完成后,直接呼叫该 Skill 的名称或使用
/coding-cli-management触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
coding-cli-management 1.0.0
- Initial release: Enables Manager to execute AI coding CLI tools (Claude Code, Gemini CLI, or qodercli) for Workers.
- Implements admin approval and configuration workflow for CLI delegation mode.
- Automatically distributes the coding-cli skill to eligible Workers and updates task specs with CLI mode instructions.
- Handles coding-request messages, running CLI tools in the Worker’s workspace and synchronizing results.
- Includes automated error reporting and logging for failed CLI runs, notifying both Worker and human admin.
- Supports both Chinese and English notifications based on admin’s language.
元数据
常见问题
Coding Cli Management 是什么?
Manage and execute AI coding CLI tools on behalf of Workers by running their coding prompts in the Worker’s workspace and returning results. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 346 次。
如何安装 Coding Cli Management?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install coding-cli-management」即可一键安装,无需额外配置。
Coding Cli Management 是免费的吗?
是的,Coding Cli Management 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Coding Cli Management 支持哪些平台?
Coding Cli Management 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Coding Cli Management?
由 Monty(@montycn)开发并维护,当前版本 v1.0.0。
推荐 Skills