openclaw-claude-code / claude-code-skill

The skill's core design enables autonomous Claude agents with unrestricted access to Bash, Read, Write, Edit, Glob, Grep, WebFetch, and WebSearch. Lines 26, 50, 105-106, 120 document autonomous execution modes. This combination enables: arbitrary command execution, credential theft, data exfiltration, system compromise, and persistence. The 'bypassPermissions' mode (line 120) explicitly disables user oversight.

criticalopenclaw-claude-code:L26,50,105,106,120

Skill documentation demonstrates Write and Edit tools with no path restrictions (lines 74, 106, 254). Examples show writing to arbitrary locations. Combined with autonomous execution, this enables arbitrary file creation/modification.

criticalopenclaw-claude-code:L74,106,254

Skill documentation demonstrates Read tool with no path restrictions (lines 71, 187). Examples show reading arbitrary files across the system. Combined with persistent sessions and autonomous execution, this enables silent data exfiltration.

criticalopenclaw-claude-code:L71,187

Skill documentation extensively promotes and demonstrates unrestricted Bash execution. Lines 34, 70, 98, 106, 254 show examples using Bash(command *) or Bash without scoping. Line 120 explicitly documents 'bypassPermissions' mode that skips all prompts. The skill's core purpose is to enable autonomous Claude Code execution with auto-approved tool access. Without explicit allowed-tools in frontmatter, this is documentation of dangerous capability, but the skill is designed to facilitate unrestricted command execution when deployed.

criticalopenclaw-claude-code:L34,70,98,106,120,254

Skill enables reading arbitrary files including credentials, SSH keys, config files, and private data. Lines 71, 187 show unrestricted Read operations. Combined with WebFetch (line 389), this data can be exfiltrated. The skill's autonomous execution means data access happens without user visibility.

highopenclaw-claude-code:L71,187,389

Skill documentation references WebFetch tool (line 389) as available via MCP. Combined with unrestricted Read/Write/Bash permissions, this enables exfiltration of data to external endpoints.

highopenclaw-claude-code:L389

Skill documentation demonstrates Glob and Grep tools with no restrictions (lines 72-73, 187). These enable discovery of sensitive files across the filesystem.

highopenclaw-claude-code:L72,73,187

Lines 88-91, 289-305 document routing requests through external proxies (claude-code-proxy) to enable other models (Gemini, GPT) to power Claude Code. This creates a trust boundary where remote proxies control code execution. The proxy can intercept, modify, or redirect commands.

highopenclaw-claude-code:L88,91,289,305