Oh My OpenCode

Security checks across malware telemetry and agentic risk

Overview

This is a coherent OpenCode orchestration skill, but it enables powerful autonomous and background coding workflows that users should run deliberately.

Install only if you trust OpenCode, oh-my-opencode, and the upstream packages it runs. Prefer package-manager installs over curl-to-bash, use a clean git branch or worktree, keep OpenCode permissions on ask/deny for risky commands, review generated plans and diffs, monitor provider usage/cost, and stop background or continuation workflows when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documents and encourages shell-capable actions such as installation, server startup, tmux usage, and CLI execution, but the manifest does not declare permissions or clearly bound those capabilities. That mismatch can cause the platform or user to underestimate the skill's ability to affect the local system, increasing the risk of unintended command execution or unsafe trust in the skill.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation trigger uses broad natural-language keywords like 'ultrawork' or 'ulw', which can appear in ordinary prompts and unintentionally switch the agent into a more autonomous execution mode. In a skill that can delegate tasks, run background work, and continue until completion, accidental activation materially increases the chance of unexpected code or system changes.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest description claims applicability to essentially all installation, configuration, operation, agents, hooks, skills, MCPs, and troubleshooting related to the plugin, creating an overly broad invocation surface. Broad scope increases the likelihood the skill is selected in contexts where its autonomous orchestration and shell-oriented guidance are unnecessary or risky.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill promotes autonomous and continuing execution modes that 'keep working until 100% complete' and can hand off execution to orchestrators, but it does not pair that guidance with prominent warnings about repository changes, command execution, cost, or system impact. In this context, the omission is more dangerous because the plugin is expressly designed for multi-agent automation and persistent task continuation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation encourages background agents, parallel execution, tmux panes, and server mode without clear privacy, data-handling, or resource-consumption warnings. Because these features may process repository contents concurrently and expose local services, the lack of warnings can lead users to unintentionally increase data exposure, cost, or system load.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation shows a skill configuration example that permits loading a skill definition directly from a remote URL without any adjacent warning about trust, provenance, or review requirements. Because skills influence agent behavior and allowed tools, normalizing remote skill fetching can lead users to import attacker-controlled prompts or tool permissions, creating a supply-chain style risk through configuration alone.

External Script Fetching

High
Category
Supply Chain
Content
1. **OpenCode** installed and configured (`opencode --version` should be 1.0.150+)
   ```bash
   curl -fsSL https://opencode.ai/install | bash
   # or: npm install -g opencode-ai
   # or: bun install -g opencode-ai
   ```
Confidence
98% confidence
Finding
curl -fsSL https://opencode.ai/install | bash

Chaining Abuse

High
Category
Tool Misuse
Content
1. **OpenCode** installed and configured (`opencode --version` should be 1.0.150+)
   ```bash
   curl -fsSL https://opencode.ai/install | bash
   # or: npm install -g opencode-ai
   # or: bun install -g opencode-ai
   ```
Confidence
99% confidence
Finding
| bash

VirusTotal

64/64 vendors flagged this skill as clean.
