Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description advertise a coding agent built around the opencode CLI and the only declared requirement is the opencode binary — this is expected and proportionate.
Instruction Scope
SKILL.md directs the agent to run opencode commands against user project directories, to use modes like --auto/--interactive/--read-only, and references config at ~/.opencode/config.toml. This is appropriate for a coding agent, but --auto and background modes can cause automated file modifications and long-running network activity; follow the provided cautions (don't run in untrusted dirs, review changes).
Install Mechanism
Instruction-only skill with no install spec or bundled code — nothing is written or downloaded by the skill itself, which is the lowest-risk install profile.
Credentials
The skill declares no required env vars. SKILL.md references opencode's own config (e.g., ~/.opencode/config.toml) and model selection, which may rely on credentials or API keys configured outside the skill; this is expected but users should ensure those opencode credentials are correct and limited.
Persistence & Privilege
always:false and no requests to alter other skills or global agent settings. The main risk is intended: modes that let opencode auto-apply changes. The skill itself does not demand elevated or persistent platform privileges.
Assessment
This skill is coherent: it expects the opencode CLI and instructs you how to run it. Before using: ensure opencode is a trusted binary on your PATH; avoid running --auto or background sessions in repositories or directories you don't trust; review ~/.opencode/config.toml and any model/API keys configured there so the agent uses only the credentials you intend; and always review automated changes before committing or pushing them.Like a lobster shell, security has layers — review code before you run it.
latestvk979aqjns9gv15q6bg4qd2sf0s82557m
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🤖 Clawdis
OSLinux · macOS · Windows
Binsopencode