← Back to Skills Marketplace
coding-agent
by
Shiwen Han
· GitHub ↗
· v1.0.0
· MIT-0
391
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install tshogx-coding-agent
Description
Delegate coding tasks to Codex, Claude Code, or Pi agents via background process. Use when: (1) building/creating new features or apps, (2) reviewing PRs (sp...
Usage Guidance
This skill plausibly does what it says, but it omits and actively encourages risky operational choices. Before installing: (1) confirm on your system that the required CLIs (codex, claude, opencode, git, gh, etc.) are present and understand which credentials they use; (2) do not use sandbox-bypass flags (--yolo, bypassPermissions) or 'elevated' host mode unless you fully trust the remote agent and understand the consequences — these options allow arbitrary commands to run on your host and can access local files/credentials; (3) run any spawned agents only in disposable temporary directories or isolated environments (containers or VMs) and avoid running inside the OpenClaw workspace; (4) be prepared to monitor and kill background sessions and to rotate any tokens or secrets that might be exposed; (5) consider asking the skill author to explicitly declare required binaries and any credential needs before installing so you can make an informed decision.
Capability Analysis
Type: OpenClaw Skill
Name: tshogx-coding-agent
Version: 1.0.0
The skill facilitates the delegation of tasks to external coding agents (Codex, Claude Code, Pi) using high-risk configurations such as the `--yolo` flag (no sandbox/approvals) and `bypassPermissions`. While these features are documented for automation purposes in SKILL.md, the ability to run commands with `elevated` privileges on the host and manage background processes presents a significant security risk and potential for unintended RCE, although there is no direct evidence of malicious intent.
Capability Assessment
Purpose & Capability
The written instructions match the described purpose (delegating coding work to Codex/Claude/Pi/OpenCode via CLI invocations and background sessions). However the skill declares no required binaries, env vars, or install steps while the instructions repeatedly assume presence of multiple CLIs (codex, claude, opencode, gh, git) and a configured environment — that omission is an incoherence the user should be aware of.
Instruction Scope
The SKILL.md explicitly instructs using flags that bypass sandboxing and approvals (e.g., --permission-mode bypassPermissions, --yolo / 'no sandbox, no approvals'), running interactive PTYs, background sessions, and an 'elevated' host mode. Those instructions go beyond benign automation and materially increase risk (arbitrary commands, potential file/system modification, exfiltration) — they are within the skill's stated purpose but are high-risk operational choices that should be explicitly declared and constrained.
Install Mechanism
This is an instruction-only skill with no install spec or downloaded code. That lowers installation risk (nothing new is written to disk by the skill itself).
Credentials
The skill lists no required environment variables or primary credential, but the instructions implicitly require authenticated CLIs (e.g., 'gh pr checkout', 'gh pr comment', git clone, and agent CLIs). It therefore expects existing credentials/configuration (GitHub auth, agent CLI auth) without declaring them — an important mismatch. The ability to run agents with bypassed permissions could access tokens and files available to the process, so the lack of declared env/credential requirements is concerning.
Persistence & Privilege
The skill does not request permanent/always-on inclusion and leaves autonomous invocation at the platform default. However, the instructions promote long-running background sessions and an 'elevated' option that, if used, would allow host-level execution; combined with sandbox-bypass flags this increases potential blast radius. The metadata itself does not request elevated privileges, but the operational guidance encourages using them.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install tshogx-coding-agent - After installation, invoke the skill by name or use
/tshogx-coding-agent - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
coding-agent 1.0.0
- Initial release of the coding-agent skill.
- Enables delegation of coding tasks to Codex, Claude Code, Pi, or OpenCode agents via background processes.
- Supports interactive and background modes with session monitoring, input, and cleanup.
- Distinct execution rules and flags for each agent (e.g., PTY required for Codex/Pi/OpenCode, not for Claude Code).
- Guides included for safe reviewing, parallel work using git worktrees, and agent orchestration patterns.
- Emphasizes safe workspace practices—never spawn agents in OpenClaw or on live branches.
Metadata
Frequently Asked Questions
What is coding-agent?
Delegate coding tasks to Codex, Claude Code, or Pi agents via background process. Use when: (1) building/creating new features or apps, (2) reviewing PRs (sp... It is an AI Agent Skill for Claude Code / OpenClaw, with 391 downloads so far.
How do I install coding-agent?
Run "/install tshogx-coding-agent" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is coding-agent free?
Yes, coding-agent is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does coding-agent support?
coding-agent is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created coding-agent?
It is built and maintained by Shiwen Han (@tshogx); the current version is v1.0.0.
More Skills