Skill v0.1.0
ClawScan security
occ · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 14, 2026, 3:58 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly does what it says (manages local OpenCode sessions) but contains a few inconsistencies and side effects (auto npm install, missing declared prerequisites, and operations in the caller's current directory) that warrant caution before installing.
- Guidance: This skill appears to legitimately control a local OpenCode server, but take these precautions before installing:
  1. Confirm you have a trusted 'opencode' CLI and Node/npm installed — the metadata does not declare these prerequisites.
  2. Expect the script to run 'npm install' in the skill folder (network fetch and possible postinstall scripts). If you don’t want network installs, create node_modules yourself or inspect package.json first.
  3. Run the CLI from a throwaway or sandbox directory — the OpenCode server will operate in the current directory and may modify files.
  4. Review the included scripts (they are present and readable) and ensure 'opencode' is the expected binary in your PATH.
  5. If you need higher assurance, run the tool in an isolated environment (container/VM) to observe behavior before granting it access to real projects.
Review Dimensions
- Purpose & Capability (concern): The code matches the stated purpose (starting/querying a local OpenCode server and managing sessions). However, the registry metadata does not declare required binaries (it should declare the 'opencode' CLI and at least Node/npm), which is an incoherence between what the skill needs and what the metadata advertises. package.json lists axios (installed by npm) though the code uses only core http, indicating sloppy packaging.
- Instruction Scope (concern): SKILL.md instructs running the included Node script in the working directory; the script will (a) auto-install npm dependencies if node_modules is missing, (b) spawn the external 'opencode' process bound to the current directory, and (c) interact with the local OpenCode HTTP API. These actions can modify files in the current directory and perform network fetches (npm install). SKILL.md omits that Node/npm will be used and that npm install may run, which is a material omission.
- Install Mechanism (note): There is no explicit install spec in registry metadata, but the runtime script will run 'npm install' inside the skill's scripts directory if dependencies are missing. That fetches packages from the public npm registry (a standard source) and can execute package postinstall scripts — moderate risk compared with a purely instruction-only skill.
- Credentials (ok): The skill does not request credentials, environment variables, or external config paths. It only interacts with a local server and spawns an 'opencode' binary; no secrets are declared or used.
- Persistence & Privilege (ok): The skill is not always-included and does not modify other skills or global agent settings. It spawns a local process and will kill it on close; no persistent system-wide privileges are requested.
