OpenCode Game Builder

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate OpenCode helper, but it can delegate broad coding work to a full-access subagent without clear safety boundaries.

Install only if you trust your local OpenCode setup. Use it in a dedicated project directory or sandbox, keep version-control checkpoints, avoid running parallel agents in the same workspace, and do not expose sensitive credentials or private sessions unless needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill advertises activation for broadly defined coding tasks, which can cause the agent to invoke a powerful subagent in situations where the user did not clearly request delegation. Because this skill can spawn an ACP agent with file-system and shell access, overly broad triggering increases the chance of unnecessary execution and expands the attack surface for prompt-injection or unintended destructive actions.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The skill explicitly states that OpenCode has full file-system access and can execute shell commands, but it provides no safety boundaries, consent requirements, or limitations on sensitive paths and dangerous operations. In the context of an auto-invokable coding subagent, this makes accidental or induced data loss, secret exposure, system modification, or malicious command execution materially more likely.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal