Back to skill

Security audit

Opencode Acp Control

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a coherent OpenCode controller, but its update instructions can broadly stop OpenCode processes and recommend an unsafe manual installer command.

Install only if you trust OpenCode and are comfortable giving it project file and terminal access. Before using the update workflow, ask the agent to list exactly which OpenCode processes it would stop and approve only the ones you intend to restart. Prefer a verified release or inspected installer over piping a remote script directly into bash.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The update workflow tells the agent to enumerate processes and kill any process whose command includes 'opencode', which is broader than managing the specific ACP instance started for the current task. This can disrupt unrelated user work, terminate other active sessions, and create a denial-of-service condition against legitimate processes on the host.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill describes stopping all running OpenCode processes as part of updating, but it does not require an upfront warning or confirmation about interruption of active work. In an agent context, this increases the chance of unintended destructive actions that can interrupt sessions, lose unsaved progress, or interfere with concurrent tasks.

External Script Fetching

High
Category
Supply Chain
Content
If version still doesn't match latest:
- Inform user: "OpenCode auto-update may have failed. Current: X.X.X, Latest: Y.Y.Y"
- Suggest manual update: `curl -fsSL https://opencode.dev/install | bash`

### Update Workflow Summary
Confidence
98% confidence
Finding
curl -fsSL https://opencode.dev/install | bash

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.