coding-agent
Delegate coding tasks to Codex, Claude Code, or Pi agents via background host sessions. Use when: (1) building or creating new features or apps, (2) reviewing PRs (spawn in temp dir), (3) refactoring large codebases, (4) iterative coding that needs file exploration. NOT for: simple one-liner fixes (just edit), reading code (use read tool), thread-bound ACP harness requests in chat (for example spawn or run Codex or Claude Code in a Discord thread; use sessions_spawn with runtime:"acp"), or any work in ~/clawd workspace (never spawn agents here). Requires OpenClaw host tools with exec_command plus write_stdin.
83
Quality
81%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Security
3 findings — 3 medium severity. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). Yes — the SKILL.md workflow explicitly instructs cloning and fetching GitHub repos/PRs (e.g., "git clone https://github.com/user/repo.git $REVIEW_DIR" and "git fetch origin '+refs/pull/*/head:refs/remotes/origin/pr/*'") and then running coding agents (Codex/Claude Code) to review and modify that code, meaning untrusted, user-generated third‑party content will be read and can influence agent actions.
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches and runs external code at runtime — e.g., git clone https://github.com/user/repo.git (cloning a repository into the agent's workdir that will be used as context) and npm install -g @mariozechner/pi-coding-agent (fetches a remote CLI package that is then executed via the pi command) — so these external dependencies can directly control prompts or execute code.
W013: Attempt to modify system services in skill instructions
What this means
The skill prompts the agent to compromise the security or integrity of the user’s machine by modifying system-level services or configurations, such as obtaining elevated privileges, altering startup scripts, or changing system-wide settings.
Why it was flagged
Attempt to modify system services in skill instructions detected (medium risk: 0.40). The prompt does not explicitly ask for sudo, user creation, or editing privileged system files, but it instructs the agent to run arbitrary shell commands via exec_command (including global installs) and even encourages disabling sandbox/approval flags (--yolo, --full-auto), which meaningfully raises the risk of the agent modifying host state or bypassing safeguards.
- Repository
- trpc-group/trpc-agent-go
- Commit
8763418
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.