← 返回 Skills 市场
coding-agent
作者
Shiwen Han
· GitHub ↗
· v1.0.0
· MIT-0
391
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install tshogx-coding-agent
功能描述
Delegate coding tasks to Codex, Claude Code, or Pi agents via background process. Use when: (1) building/creating new features or apps, (2) reviewing PRs (sp...
安全使用建议
This skill plausibly does what it says, but it omits and actively encourages risky operational choices. Before installing: (1) confirm on your system that the required CLIs (codex, claude, opencode, git, gh, etc.) are present and understand which credentials they use; (2) do not use sandbox-bypass flags (--yolo, bypassPermissions) or 'elevated' host mode unless you fully trust the remote agent and understand the consequences — these options allow arbitrary commands to run on your host and can access local files/credentials; (3) run any spawned agents only in disposable temporary directories or isolated environments (containers or VMs) and avoid running inside the OpenClaw workspace; (4) be prepared to monitor and kill background sessions and to rotate any tokens or secrets that might be exposed; (5) consider asking the skill author to explicitly declare required binaries and any credential needs before installing so you can make an informed decision.
功能分析
Type: OpenClaw Skill
Name: tshogx-coding-agent
Version: 1.0.0
The skill facilitates the delegation of tasks to external coding agents (Codex, Claude Code, Pi) using high-risk configurations such as the `--yolo` flag (no sandbox/approvals) and `bypassPermissions`. While these features are documented for automation purposes in SKILL.md, the ability to run commands with `elevated` privileges on the host and manage background processes presents a significant security risk and potential for unintended RCE, although there is no direct evidence of malicious intent.
能力评估
Purpose & Capability
The written instructions match the described purpose (delegating coding work to Codex/Claude/Pi/OpenCode via CLI invocations and background sessions). However the skill declares no required binaries, env vars, or install steps while the instructions repeatedly assume presence of multiple CLIs (codex, claude, opencode, gh, git) and a configured environment — that omission is an incoherence the user should be aware of.
Instruction Scope
The SKILL.md explicitly instructs using flags that bypass sandboxing and approvals (e.g., --permission-mode bypassPermissions, --yolo / 'no sandbox, no approvals'), running interactive PTYs, background sessions, and an 'elevated' host mode. Those instructions go beyond benign automation and materially increase risk (arbitrary commands, potential file/system modification, exfiltration) — they are within the skill's stated purpose but are high-risk operational choices that should be explicitly declared and constrained.
Install Mechanism
This is an instruction-only skill with no install spec or downloaded code. That lowers installation risk (nothing new is written to disk by the skill itself).
Credentials
The skill lists no required environment variables or primary credential, but the instructions implicitly require authenticated CLIs (e.g., 'gh pr checkout', 'gh pr comment', git clone, and agent CLIs). It therefore expects existing credentials/configuration (GitHub auth, agent CLI auth) without declaring them — an important mismatch. The ability to run agents with bypassed permissions could access tokens and files available to the process, so the lack of declared env/credential requirements is concerning.
Persistence & Privilege
The skill does not request permanent/always-on inclusion and leaves autonomous invocation at the platform default. However, the instructions promote long-running background sessions and an 'elevated' option that, if used, would allow host-level execution; combined with sandbox-bypass flags this increases potential blast radius. The metadata itself does not request elevated privileges, but the operational guidance encourages using them.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install tshogx-coding-agent - 安装完成后,直接呼叫该 Skill 的名称或使用
/tshogx-coding-agent触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
coding-agent 1.0.0
- Initial release of the coding-agent skill.
- Enables delegation of coding tasks to Codex, Claude Code, Pi, or OpenCode agents via background processes.
- Supports interactive and background modes with session monitoring, input, and cleanup.
- Distinct execution rules and flags for each agent (e.g., PTY required for Codex/Pi/OpenCode, not for Claude Code).
- Guides included for safe reviewing, parallel work using git worktrees, and agent orchestration patterns.
- Emphasizes safe workspace practices—never spawn agents in OpenClaw or on live branches.
元数据
常见问题
coding-agent 是什么?
Delegate coding tasks to Codex, Claude Code, or Pi agents via background process. Use when: (1) building/creating new features or apps, (2) reviewing PRs (sp... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 391 次。
如何安装 coding-agent?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install tshogx-coding-agent」即可一键安装,无需额外配置。
coding-agent 是免费的吗?
是的,coding-agent 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
coding-agent 支持哪些平台?
coding-agent 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 coding-agent?
由 Shiwen Han(@tshogx)开发并维护,当前版本 v1.0.0。
推荐 Skills