opencode-acp

The skill is classified as suspicious due to its broad execution capabilities and explicit cross-agent command execution. The `opencode_acp_client.py` script uses `subprocess.Popen` to execute the `opencode` binary with a user-controlled `project_dir` as the working directory, which, while central to its purpose, presents a high-risk attack surface if `opencode` or the `project_dir` itself were compromised. Furthermore, the `SKILL.md` explicitly instructs the OpenCode agent to execute `openclaw system event` commands upon task completion, allowing a sub-agent to directly trigger actions in the orchestrating OpenClaw agent. While these are designed features for agent collaboration, they represent significant trust boundary crossings and powerful capabilities that could be abused, lacking sufficient sanitization or sandboxing to be considered benign, but without clear evidence of intentional malicious behavior like data exfiltration or backdoor installation.