ClawHub

OpenCode AI

Security checks across malware telemetry and agentic risk

Overview

This is a coherent OpenCode helper skill whose risks are expected for an AI coding CLI, though users should be careful with privileged install, sharing, and credential features.

Install only if you intend to let OpenCode operate on codebases. Review any sudo, symlink, chmod/chown, or rm commands before running them; avoid --share for private code; authenticate only with trusted providers; and install plugins, MCP servers, or remote attachments only from sources you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation includes a privileged `sudo cp -r ... /usr/local/lib/node_modules/openclaw/skills/` installation step without warning that it modifies system-wide directories and requires elevated privileges. In an agent-skill context, users may copy-paste commands directly, increasing the risk of unintended system changes or overwriting trusted skill files.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The instructions tell users to append to `~/.zshrc`, which makes a persistent environment change, but do not warn that this alters future shell behavior. Although the PATH change shown is not obviously malicious, undocumented persistent profile edits can cause confusion, unexpected command resolution, and make later troubleshooting harder.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents `--share` and shareable session links but does not warn that shared sessions may expose prompts, code, file attachments, or other conversation content to third parties. In a coding-agent skill, users may operate on proprietary repositories or sensitive source files, so omission of a disclosure warning creates a realistic confidentiality risk.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The skill includes provider login and credential-management commands without noting that authentication tokens, provider credentials, or OAuth grants are sensitive. While the commands themselves are expected functionality, lack of a privacy warning can lead users to authenticate in insecure environments or mishandle stored credentials.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal