ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Opencode Acp Control

v0.1.1

Control OpenCode directly via the Agent Client Protocol (ACP). Start sessions, send prompts, resume conversations, and manage OpenCode updates.

0· 615·1 current·1 all-time
byBastian Nicolas Berrios Alarcon@berriosb
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md clearly aims to control OpenCode via the Agent Client Protocol and will run the 'opencode' CLI (e.g., `opencode acp --cwd ...`). However the registry metadata declares no required binaries or install steps. That mismatch (the skill uses an external binary but doesn't declare it) is incoherent and should be explained by the author.
!
Instruction Scope
Runtime instructions tell the agent to start background processes, write arbitrary JSON-RPC to the process, and poll/kill it. The initialize payload includes clientCapabilities that enable fs readTextFile and writeTextFile — meaning OpenCode (via ACP) can read and write files in whatever working directory you pass. The SKILL.md allows operating on arbitrary project paths chosen at runtime, which is powerful and potentially sensitive. The instructions do not direct data to third-party endpoints, but they do enable broad filesystem access and arbitrary command execution via the local 'opencode' process.
Install Mechanism
There is no install spec (instruction-only), which reduces risk from remote code downloads. However, because the skill relies on an external 'opencode' binary being present and runnable in the agent environment, the lack of declared required binaries or guidance about obtaining a trusted opencode binary is a provenance gap.
!
Credentials
The skill lists no environment variables or credentials (which is reasonable), but the initialize message requests filesystem read/write capability. That is effectively broad access to the user's workspace even though the manifest declares no special permissions. Also the package metadata shows minor inconsistencies (ownerId/slug/version differ between registry metadata and _meta.json), which reduces confidence in provenance.
Persistence & Privilege
always:false (normal). The skill starts background processes (opencode runs in background) and tracks a processSessionId; such background processes may persist for the duration of a session, which is expected for a controller skill. Autonomous invocation is allowed by default (not a separate red flag), but combined with the filesystem capability this increases potential impact if you allow the agent to act without supervision.
What to consider before installing
Before installing or enabling this skill: - Understand what it actually does: it launches your local 'opencode' CLI and speaks JSON-RPC to it, granting the OpenCode process the ability to read and write files in whatever working directory you provide. - Verify you have a trusted 'opencode' binary: the skill does not declare required binaries or provide an install origin. Confirm the CLI is from the official project (check the GitHub repo linked in SKILL.md) and that you trust that binary. - Prefer using the skill only in safe/test directories (not your entire home or production projects), or restrict the cwd you give it. - Ask the author to update the manifest to declare required binaries (e.g., requires.binaries: ["opencode"]) and to provide provenance/installation instructions; also resolve the metadata inconsistencies (ownerId/version). - If you need stricter safety, decline the skill or run it in an isolated environment (container/VM) so the agent and the opencode process cannot access sensitive files. Given the manifest mismatches and the broad filesystem capability, treat this skill with caution until provenance and declared requirements are clarified.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f9j6nghjznj4h0dj9ttyt4n81f2py

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments