OpenCode CLI API Controller
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent OpenCode controller, but it gives an unauthenticated local/LAN API broad coding authority, persists a background server and session state, and downplays verification and external-provider risks.
Install only if you trust OpenCode and understand that it can modify project files on your behalf. Keep the server on 127.0.0.1, avoid the 0.0.0.0 LAN mode unless tightly firewalled, inspect generated code yourself before running or deploying it, and remember that external model providers may receive prompts or code context when selected.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may report that work is complete without inspecting the actual source changes, increasing the chance of unsafe or incorrect generated code going unnoticed.
The skill redirects the agent away from direct read-only verification and makes OpenCode/API outputs authoritative for judging code changes.
You are **EXPLICITLY PROHIBITED** from reading or modifying the project's source code files directly... **Trust the System**... check the *status* and *diff summary*, not the file contents.
Use this only when you are comfortable delegating implementation to OpenCode, and independently inspect changed files before running or deploying them.
A malformed or hostile project name could write state data outside the intended state directory and corrupt skill files such as config JSON.
The project name is used directly in a filesystem path without sanitizing path separators or traversal such as ../.
PROJECT_NAME="$1" ... cp "$SKILL_DIR/state/current.json" "$SKILL_DIR/state/$PROJECT_NAME.json"
Sanitize project names to a safe basename pattern, reject slashes and traversal, and keep state writes confined to the state directory.
Prompts, code context, and generated work may be processed under your configured provider accounts and billing limits.
The skill itself does not hardcode credentials, but its intended workflow may rely on OpenCode provider API keys and delegated account access.
Providers are connected in OpenCode, not in this skill: ... opencode config set providers.anthropic.apiKey "sk-..." ... export ANTHROPIC_API_KEY="sk-..."
Use least-privilege provider keys where possible, monitor provider usage, and revoke keys if you no longer use the workflow.
Later runs may continue or act on a previously saved OpenCode session, and local users with access to the skill directory can see project paths/session identifiers.
The skill persists project paths, provider/model selection, and session IDs for reuse across invocations.
./state/current.json # Active session ... "project_path": "/home/user/projects/my-app", "session_id": "ses_abc123xyz"
Protect the skill directory, review state/current.json before sensitive work, and clear stale state when switching projects or users.
If exposed on a LAN, other local-network clients may be able to send coding commands, view project content through the API, or interfere with OpenCode sessions.
The skill documents exposing the OpenCode control API beyond localhost; the API reference also shows normal requests are made without a password and includes file/session/message endpoints.
To enable access from other devices on the same network, start the server using: opencode web --hostname 0.0.0.0 --port 4099
Keep the server bound to 127.0.0.1 unless you have a trusted network and firewall controls; do not expose this API to shared or untrusted networks.
A user may assume prompts or code context never leave the machine even when OpenCode is configured to use external model providers.
This privacy framing can mislead users because other included provider documentation describes OpenCode connections to Anthropic, OpenAI, Gemini, and API-key-backed providers.
**100% Local**: All communications occur strictly within your local environment or trusted local network. **No External Calls**: The skill does not communicate with any external servers or third-party cloud services.
Treat provider-backed sessions as potentially sending prompts/code context to the selected provider, and update the documentation to clearly distinguish local API calls from model-provider traffic.
The control surface for project automation may remain running after the user thinks the task is done.
The script intentionally launches a long-running background OpenCode web server that remains active after the invoking agent process ends.
# This ensures it survives when the parent process (Agent) exits. ... nohup script -q -c "$OPENCODE_BIN web --port $PORT" /dev/null > "$LOG_FILE" 2>&1 &
Provide and use an explicit stop command, check whether the server is still running after work completes, and avoid leaving it active on shared machines.
