OpenCode Remote
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is coherent for remotely managing OpenCode sessions, but it can control powerful remote APIs and create recurring monitoring, so it should only be used with trusted endpoints.
Install only if you intend this agent to manage a trusted OpenCode server. Verify the endpoint and session short name before sending prompts, be cautious with shell or mutating API actions, and cancel recurring monitoring when it is no longer needed.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overly broad command could read, modify, or run processes on the remote OpenCode environment.
The documented API can execute shell commands in a remote OpenCode session. This fits the remote-operation purpose, but it is a powerful capability if used on a privileged server.
POST /session/{sessionID}/shell
Content-Type: application/json
{
"command": "ls -la"
}Use only trusted OpenCode endpoints and require explicit confirmation before shell, delete, config, MCP, PTY, or other mutating operations.
The agent may continue polling remote sessions and reporting status after the original task unless the monitoring task is cancelled.
The skill intentionally creates recurring monitoring after sending messages. This is disclosed and aligned with the monitoring purpose, but it is persistent background activity.
每当向一个 session 发送消息后,必须自动设置监控 ... 每 5 分钟检查该 session 的 todo 状态 ... cron add --name "monitor-main-sessions" --schedule "every 5 minutes"
Confirm that monitoring is desired, keep the monitored session list small, and cancel scheduled monitoring when the task is complete.
An outdated or tampered short name could cause the agent to message the wrong OpenCode session, and the file may expose task names and session identifiers to anyone with local access.
The helper persists endpoint, session ID, task, and monitoring state for later reuse. This supports the skill's purpose, but stored session mappings can become stale or be edited.
MAIN_SESSIONS_FILE = "/root/.openclaw/workspace/opencode-sessions.json" ... "endpoint": endpoint, "session_id": session_id, "task": task
Keep the session registry private, verify short names and endpoints before sending messages, and remove entries that are no longer needed.
Prompts, session IDs, task details, and outputs may be visible to or processed by the remote OpenCode server.
The skill sends prompts and receives outputs from a remote OpenCode agent/server over a user-provided HTTP endpoint. This is the intended integration, but the trust boundary is the remote server.
通过 HTTP API 与远程 OpenCode 服务器交互,实现多 session 管理、状态监控和任务执行。
Use trusted and preferably authenticated/HTTPS endpoints, and avoid sending secrets unless the remote server is intended to handle them.