📦 OpenClaw
v1.0.0通过 tmux 控制 Claude Code(cc)执行开发任务。用途:启动 CC 开发会话、发送开发命令、监控进度……
11· 11·0 当前·0 累计
by 下载技能包
最后更新
2026/4/24
安全扫描
OpenClaw
可疑
medium confidence这些说明大多与在 tmux 中运行 Claude Code 的工具相符,但它们要求你执行特权系统更改、使用 curl|sh 安装器、依赖未声明的 API 密钥,并推荐危险的自动化标志——这些差距过大,值得警惕。
评估建议
Before 安装ing or following these instructions, consider the following: 1) Do not 运行 curl | sh (https://claude.AI/安装.sh) unless you have inspected the script and verified its integrity and origin; prefer official GitHub releases or vendor-签名ed 安装ers. 2) Avoid 添加ing a user to /etc/sudoers with NOPASSWD; instead 运行 claude under a restricted non-privileged account without sudo, or 运行 inside an isolated contAIner/VM. 3) The 技能.md references ANTHROPIC_API_KEY but the 技能 manifest doesn't declare it — tr...详细分析 ▾
ℹ 用途与能力
The 技能's 状态d purpose (运行 Claude Code in tmux for long-运行ning development tasks) aligns with the commands shown (tmux 会话 management, 发送ing 输入, capturing 输出). However several required actions—creating a 系统 user, 应用ending passwordless sudo to /etc/sudoers, and using a global npm or remote 安装—are heavier than one would expect for a lightweight 控制器 and should be justified.
⚠ 指令范围
The 技能.md instructs the operator to 创建 local users, 设置 passwords via chpasswd, modify /etc/sudoers (NOPASSWD), and 运行 commands as another user via su -c. It also references configuring ANTHROPIC_API_KEY and suggests forcibly skipping confirmations with --dangerously-skip-权限s. Those are 系统-wide and security-sensitive operations outside a minimal 'tmux + 命令行工具ent' 控制器 scope and give the 代理 broad capability to automate privileged actions.
⚠ 安装机制
No formal 安装 spec exists, but the instructions recommend npm -g 安装ation and a curl -fsSL https://claude.AI/安装.sh | sh flow. Curl|sh from a top-level domAIn with no explicit provenance is high-risk; global npm 安装s also modify the host 环境. The 安装 应用roach is not constrAIned or verified and can write and 执行 arbitrary code.
⚠ 凭证需求
The manifest declares no required 环境 variables, yet the instructions reference ANTHROPIC_API_KEY and suggest 记录ging in to Claude. That mismatch (undeclared 凭证s) is a red flag. The suggestion to 添加 NOPASSWD sudo for the dedicated user is disproportionate to the 状态d functionality and increases 凭证 exposure risk.
⚠ 持久化与权限
The 技能 itself is instruction-only and not always-enabled, which is fine, but the 运行time instructions direct changes to 系统 状态 (user creation, password as签名ment, /etc/sudoers modification) that persist and elevate the risk 性能分析 of any 自动化 that uses this 技能. The use of --dangerously-skip-权限s also 移除s interactive safety 检查s, increasing potential for unintended privileged actions.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/24
openclaw-claudecode 1.0.0 发布——通过 tmux 控制 Claude Code (cc) 执行开发任务。
● 可疑
安装命令
点击复制官方npx clawhub@latest install openclaw-claudecode
镜像加速npx clawhub@latest install openclaw-claudecode --registry https://cn.longxiaskill.com镜像同步中
技能文档
通过 tmux 会话控制 Claude Code,执行长时间开发任务。
环境检查与初始化(首次使用必须)
0.1 检查 tmux
``bash
# 检查是否已安装 tmux
which tmux || echo "tmux not found"
# 未安装时
# CentOS/RHEL/Rocky: dnf install -y tmux || yum install -y tmux
# Ubuntu/Debian: apt install -y tmux
# Alpine: apk add tmux
` 0.2 检查 Claude Code
`bash
# 检查 claude 命令
which claude || echo "claude not found"
# 未安装时
npm install -g @anthropic-ai/claude-code
# 或使用官方脚本
curl -fsSL https://claude.ai/install.sh | sh
` 0.3 验证 Claude Code
`bash
# 查看版本
claude --version
# 简单测试(需已登录)
claude --print "hello" 2>&1 | head -5
`
常见问题:
Not logged in→ 先执行claude /login或配置ANTHROPIC_API_KEYmodel not found→ 检查 API 端点是否支持指定模型
0.4 创建普通用户(CC 拒绝 root)
`bash
# 检查用户是否存在
id || echo "user not found"
# 创建用户(如不存在)
useradd -m -s /bin/bash
# 设密码(可选)
echo ":" | chpasswd
# 或免密 sudo(开发环境推荐)
echo " ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
`
推荐用户名:claudecode、developer、ccdev 0.5 环境检查汇总
一键检查脚本:
`bash
check_env() {
echo "=== tmux ==="
which tmux && tmux -V || echo "❌ tmux missing"
echo "=== claude ==="
which claude && claude --version || echo "❌ claude missing"
echo "=== user ==="
id || echo "❌ user missing"
echo "=== auth ==="
claude --print "test" 2>&1 | grep -E "error|Error" && echo "❌ auth failed" || echo "✅ auth ok"
}
check_env
`
全部通过后再继续 ---
核心流程
1. 定位项目目录
`bash
# 检查目录是否存在
ls -la
# 确认是 git 仓库(CC 需要)
ls -la /.git
`
目录不存在 → 立即请用户确认路径 2. 创建 tmux 会话
`bash
# 新建会话(指定工作目录)
tmux new-session -d -s -c
# 验证会话
tmux list-sessions
`
会话命名建议:cc- 或 claude- 3. 切换用户并启动 CC
CC 拒绝 root,必须切到普通用户:
`bash
# 发送命令:切换用户 + 进入目录 + 启动 CC
tmux send-keys -t "su - -c 'cd && claude --dangerously-skip-permissions'" Enter
`
关键参数:
--dangerously-skip-permissions:跳过所有确认,完全自动--print:静默模式,完成后输出(适合后台任务)
4. 发送开发指令
`bash
# 单行指令
tmux send-keys -t "" Enter
# 多行指令(用 load-buffer)
cat << 'EOF' | tmux load-buffer -
First line
Second line
Third line
EOF
tmux paste-buffer -t
tmux send-keys -t Enter
` 5. 监控进度
`bash
# 查看最近输出
tmux capture-pane -t -p | tail -30
# 查看完整滚动历史
tmux capture-pane -t -p -S -
# 检查是否需要输入
tmux capture-pane -t -p | tail -10 | grep -E "❯|Yes.*No|proceed|permission|y/n"
` 6. 自动确认/交互
`bash
# 发送确认
tmux send-keys -t y Enter
# 发送取消
tmux send-keys -t n Enter
# 发送 Ctrl+C 中断
tmux send-keys -t C-c
` ---
完整示例
启动开发任务(含环境检查)
`bash
# 0. 环境检查
which tmux || dnf install -y tmux
which claude || npm install -g @anthropic-ai/claude-code
id claudecode || useradd -m claudecode # 1. 创建会话
tmux new-session -d -s cc- -c
# 2. 启动 CC(普通用户)
tmux send-keys -t cc- "su - claudecode -c 'cd && claude --dangerously-skip-permissions'" Enter
# 3. 等待 CC 启动(约 5 秒)
sleep 5
# 4. 发送开发任务
tmux send-keys -t cc- "" Enter
# 5. 监控进度
tmux capture-pane -t cc- -p | tail -20
`
查看 CC 进程状态
``bash