v1.0.0

open-ralph

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:23 AM.

Analysis

This is a coherent instruction-only skill for running a bounded autonomous coding loop, but users should understand that it can modify a git repository and that it sends coding prompts, and potentially repository context, to OpenCode-backed models.

Guidance: This skill appears purpose-aligned and bounded, but use it on a clean git working tree, keep max-iteration limits, avoid confidential code unless provider use is acceptable, and review all diffs before committing or merging.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
ralph "<TASK PROMPT>" \
 --agent opencode \
 --model opencode/kimi-k2.5-free \
 --completion-promise "COMPLETE" \
 --max-iterations 20

The skill instructs the agent to run an autonomous coding CLI loop. This is central to the stated purpose and includes an iteration bound, but the bound limits how many passes the loop makes, not what each pass may change: every iteration can still modify repository files.

User impact: The tool may make repeated code changes in the current git repository before stopping.
Recommendation: Run it only in the intended repository, keep iteration limits, and review git diffs before merging or committing changes.
Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: High | Status: Note
SKILL.md
"requires": { "bins": ["opencode", "ralph", "git"] }

The instruction-only skill relies on external command-line tools that must already be present on the host; it bundles no reviewed code and ships no install spec that would pin where those tools come from.

User impact: The actual behavior depends on the locally installed versions of opencode, ralph, and git.
Recommendation: Install required binaries from trusted sources and keep them updated.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
This skill runs an autonomous Ralph Wiggum coding loop using the `ralph` CLI with OpenCode as the agent provider.

The skill uses an external agent/model provider for coding tasks. That is disclosed and purpose-aligned, but the artifacts do not define data-handling boundaries for prompts or repository context, so nothing in the skill itself prevents file contents from being sent to the provider.

User impact: Task prompts and potentially code context may be processed by OpenCode-backed models.
Recommendation: Avoid using this on repositories or prompts containing secrets or confidential code unless you are comfortable with the provider's data handling.
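The two recommendations above (run only in the intended repository with an iteration limit and review the diff, and keep credential-bearing files away from the provider) can be enforced before the loop starts rather than remembered afterwards. The wrapper below is an added example written for this verdict; it is not part of open-ralph, ralph, or OpenCode. It uses only the ralph flags quoted from SKILL.md (`--agent`, `--model`, `--completion-promise`, `--max-iterations`); the iteration cap, the credential file-name patterns, and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example: guard wrapper around the ralph invocation shown in SKILL.md.
# Not part of open-ralph, ralph, or OpenCode. The cap, the secret-file
# patterns, and the function names are assumptions made for this example.
set -eu

# Never hand ralph a bound larger than this, whatever the caller asks for (assumption).
MAX_ITERATIONS_CAP=20

# Succeed only if $1 is a git work tree with no staged, unstaged or untracked
# changes, so that everything ralph touches shows up in `git diff` afterwards.
tree_is_clean() {
  git -C "$1" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 1
  [ -z "$(git -C "$1" status --porcelain)" ]
}

# Print the iteration count to use: the requested value clamped to the cap.
# Anything that is not a positive integer falls back to the cap.
bounded_iterations() {
  case "$1" in
    ''|*[!0-9]*) echo "$MAX_ITERATIONS_CAP"; return 0 ;;
  esac
  if [ "$1" -lt 1 ] || [ "$1" -gt "$MAX_ITERATIONS_CAP" ]; then
    echo "$MAX_ITERATIONS_CAP"
  else
    echo "$1"
  fi
}

# List tracked files whose names suggest credentials (assumed patterns).
# The verdict notes that repository context may reach the model provider,
# so such files should not be in scope at all.
secret_like_files() {
  git -C "$1" ls-files \
    | grep -E '(^|/)(\.env(\..*)?|id_rsa|id_ed25519)$|\.(pem|p12|pfx|key)$' || true
}

# Run the loop quoted in the verdict with the guards above, then show what
# changed for review. $1 task prompt, $2 repository path, $3 requested iterations.
run_bounded_ralph() {
  task=$1; repo=$2; requested=${3:-$MAX_ITERATIONS_CAP}
  if ! tree_is_clean "$repo"; then
    echo "refusing to run: $repo is not a clean git work tree" >&2
    return 1
  fi
  found=$(secret_like_files "$repo")
  if [ -n "$found" ]; then
    echo "refusing to run: tracked files look like credentials:" >&2
    echo "$found" >&2
    return 1
  fi
  iterations=$(bounded_iterations "$requested")
  (
    cd "$repo"
    ralph "$task" \
      --agent opencode \
      --model opencode/kimi-k2.5-free \
      --completion-promise "COMPLETE" \
      --max-iterations "$iterations"
  )
  # Nothing is committed here: inspect the diff, then commit only what you accept.
  git -C "$repo" diff --stat
  git -C "$repo" status --short
}

# Usage: sh ralph-guard.sh "Fix the failing tests in src/" /path/to/repo 10
# The functions are only defined when the script is run without arguments.
if [ $# -ge 2 ]; then
  run_bounded_ralph "$@"
fi
```

The wrapper refuses to start on a dirty tree because a dirty tree makes the post-run diff ambiguous (you can no longer tell ralph's edits from your own), and it refuses on credential-looking tracked files because once the loop is running there is no hook at which to stop them from being sent as context. The clamp means a typo such as `--max-iterations 200` cannot silently lift the bound the skill advertises.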