Back to skill
Skillv0.1.1
VirusTotal security
Opencode Acp Control · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:14 AM
- Hash
- b1552dbace5a75f65564b4baaef3beafc2228e4323b73d13e91d8b9bfd2f4542
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: opencode-acp-control-3 Version: 0.1.1 The skill is classified as suspicious primarily due to the inclusion of a high-risk `curl -fsSL https://opencode.dev/install | bash` command within the `SKILL.md` documentation. While presented as a 'manual update suggestion' to the user, this command allows for arbitrary code execution from an external source (`opencode.dev`), posing a significant supply chain vulnerability. Additionally, the skill utilizes `process.list()` which grants broad visibility into running processes, a powerful capability that, while used for a stated purpose (killing OpenCode instances for update), could be misused.
- External report
- View on VirusTotal