v1.0.0

Opencode-controller

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 4:55 AM.

Analysis

This is a coherent instruction-only controller for Opencode, with no embedded code or install behavior, but users should verify Opencode, authentication links, session reuse, and delegated code changes.

Guidance: This skill appears safe to install if you intend to control Opencode. Before use, make sure Opencode itself is trusted, verify any provider login link, approve the session and model choices, and review code changes made through Build mode.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: High | Status: Note
metadata
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.

The skill has no install package or declared binary requirement, while its instructions direct use of Opencode. This is purpose-aligned, but the user should rely only on a trusted local Opencode installation.

User impact: The skill will operate whichever Opencode installation is available in the user's environment.
Recommendation: Verify that Opencode is installed from a trusted source before using this controller.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
- Ask Opencode to implement the approved plan.

The skill delegates implementation to Opencode Build mode. That is the stated purpose, but it can result in project file changes.

User impact: Opencode may modify code or project files as part of the approved workflow.
Recommendation: Review the plan before Build mode and inspect resulting diffs or file changes before accepting them.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
- Ask the user which AI provider to use.
- Ask how the provider should be authenticated.
- Do not proceed without confirmation.

The skill involves provider authentication, which is expected for model selection. The artifact requires user confirmation and does not show hardcoded credentials or credential logging.

User impact: Using the skill may connect Opencode to a provider account or authentication flow.
Recommendation: Choose the provider intentionally, verify any login link domain, and avoid sharing API keys unless that is the intended authentication method.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
references/session-management.md
- Opencode keeps a history of projects
- The same project must always use the same session
- Reusing sessions preserves context and decisions

The skill intentionally uses persistent Opencode sessions. This supports continuity, but retained context may contain sensitive project details or stale decisions.

User impact: Prior Opencode session context can influence future work on the same project.
Recommendation: Use the correct project session and reset or create a new session with user approval when old context should not carry forward.