Opencode Acp Control

Security checks across malware telemetry and agentic risk

Overview

The skill’s OpenCode-control purpose is coherent, but its update workflow appears able to broadly stop OpenCode processes and recommends a remote shell installer without enough scoping or confirmation.

Review this skill before installing. Only use it if you are comfortable with it inspecting local processes and potentially stopping OpenCode sessions; prefer a workflow that lists exact PIDs and asks for confirmation before termination. Inspect the upstream installer before running the curl-to-bash update command, or install OpenCode through a package manager you already trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium, 89% confidence
Finding
The update workflow instructs the agent to enumerate all processes and kill any whose command includes "opencode", which exceeds the scope of the specific ACP session the skill started. In a multi-project or multi-user environment, this can terminate unrelated OpenCode instances and disrupt active work, making it an unsafe destructive action pattern.

Missing User Warnings

Medium, 92% confidence
Finding
The skill describes killing running OpenCode processes as part of update handling without an explicit warning or confirmation step. Because process termination is destructive to active sessions and user workflows, omitting confirmation increases the chance of accidental denial of service or loss of in-progress work.

VirusTotal

66/66 vendors flagged this skill as clean.
