← 返回 Skills 市场
OpenClaw Coding Agent Workflows
作者
Daniel Sinewe
· GitHub ↗
· v1.0.0
· MIT-0
111
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-coding-agent-workflows
功能描述
Delegate coding tasks to Codex, Claude Code, Pi, or OpenCode from bash with safe launch modes, background monitoring, and repo-isolated review workflows.
安全使用建议
This skill is coherent with its goal of orchestrating other coding agents, but there are actionable concerns you should consider before using it:
- Missing local dependencies: Examples call git, gh, mktemp, and bash behaviors not declared in the metadata. Ensure those CLIs exist and are the versions you expect.
- Permission bypass: The advice to run Claude Code with '--permission-mode bypassPermissions' effectively disables safety controls. Avoid that flag unless you fully trust the agent binary and isolate its execution environment.
- Full-auto + PTY risk: Running agent binaries with PTY:true and --full-auto lets the remote agent execute arbitrary commands inside your repository. Use temp clones or worktrees (as the guide suggests), scan outputs, and never run this on sensitive repos or your real OpenClaw config (~/.openclaw).
- Credential handling: The skill does not request credentials, but the agent CLIs likely need API keys or gh auth. Verify where those credentials are stored and limit their scope (least privilege). Prefer ephemeral tokens and sandboxed environments.
- Audit and gating: Add review gates (manual approval before merges), run tests in sandboxed CI, and consider restricting network or filesystem access for agent runs.
Given the permission-bypass recommendation and the omission of other required tools, treat this skill as high-risk and only run it in isolated, disposable environments until you validate its behavior and configuration.
功能分析
Type: OpenClaw Skill
Name: openclaw-coding-agent-workflows
Version: 1.0.0
The skill facilitates the orchestration of external coding agents (Codex, Claude Code, etc.) using high-risk execution patterns, including interactive PTY sessions and the '--permission-mode bypassPermissions' flag in SKILL.md. While these capabilities are plausibly needed for the stated purpose of autonomous coding and the documentation suggests safety practices like using temporary directories for PR reviews, the instructions grant broad, unmonitored shell access to sub-agents, which is a high-risk behavior.
能力评估
Purpose & Capability
The name/description claim to delegate coding agents, and the skill only requires at least one agent binary (claude, codex, opencode, pi), which aligns with the purpose. However, the runtime instructions routinely call other local tools (git, gh, mktemp, bash) and rely on CLI semantics (process action:*, openclaw system event) that are not declared in the metadata. The omission of utilities like git/gh and reliance on unrestricted cloning/execution is an inconsistency (not necessarily malicious) that the user should be aware of.
Instruction Scope
SKILL.md instructs the agent to run external coding agents in PTY/full-auto modes and to clone and execute inside repositories. It explicitly recommends Claude Code use '--permission-mode bypassPermissions' (which appears to circumvent permission constraints). The instructions permit launching long-running background sessions and submitting interactive responses — all of which can execute arbitrary code inside local checkouts. While these actions are within the claimed purpose, the permission-bypass recommendation and the lack of explicit safety checks or audit/verification steps are significant scope concerns.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by installation. That is the lowest install risk.
Credentials
No environment variables or credentials are requested by the skill metadata, which is proportionate. That said, example workflows expect tools that may themselves require credentials (e.g., gh, codex/claude API keys) but the skill does not declare or explain how to supply or protect those. The explicit encouragement to use '--permission-mode bypassPermissions' for Claude Code is disproportionate for a skill that doesn't otherwise request elevated access — it suggests bypassing protections outside the skill's declared scope.
Persistence & Privilege
always:false and no install-time persistence are set. The skill can be invoked autonomously per platform defaults, which is expected. It does not request to modify other skills or agent-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-coding-agent-workflows - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-coding-agent-workflows触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: OpenClaw coding-agent orchestration workflow with execution matrix, background session control, and repo-safe review patterns.
元数据
常见问题
OpenClaw Coding Agent Workflows 是什么?
Delegate coding tasks to Codex, Claude Code, Pi, or OpenCode from bash with safe launch modes, background monitoring, and repo-isolated review workflows. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 111 次。
如何安装 OpenClaw Coding Agent Workflows?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-coding-agent-workflows」即可一键安装,无需额外配置。
OpenClaw Coding Agent Workflows 是免费的吗?
是的,OpenClaw Coding Agent Workflows 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OpenClaw Coding Agent Workflows 支持哪些平台?
OpenClaw Coding Agent Workflows 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw Coding Agent Workflows?
由 Daniel Sinewe(@danielsinewe)开发并维护,当前版本 v1.0.0。
推荐 Skills