v1.0.0

Oh My OpenCode

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:19 AM.

Analysis

This appears to be a real OpenCode orchestration helper, but it enables broad autonomous coding, background agents, provider account use, and unpinned remote installers, so it deserves careful review before installation.

Guidance: Install only if you trust the OpenCode and oh-my-opencode sources. Start in a disposable or version-controlled repository, keep destructive permissions on ask/deny, review generated plans and diffs, monitor or disable background/continuation hooks, and confirm which LLM providers may receive your project context.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High. Confidence: High. Status: Concern.
SKILL.md
The agent will automatically: ... Explore your codebase ... Implement the feature ... Verify with diagnostics and tests ... Keep working until 100% complete

Ultrawork mode gives the agent autonomous codebase exploration, implementation, and verification authority, with no clearly stated default approval gate or rollback boundary in the artifact.

User impact: The agent may make broad project changes and run tool-driven workflows longer or more aggressively than a user expects.
Recommendation: Use this only in version-controlled projects, keep edit/bash/web permissions on ask or deny until trusted, and review changes before committing or deploying.

Rogue Agents
Severity: Medium. Confidence: High. Status: Concern.
references/troubleshooting.md
The `todo-continuation-enforcer` hook forces the agent to continue from where it left off ... Use `/stop-continuation` to stop all continuation mechanisms

The documented continuation mechanisms and stop command show that the system can keep agent work going across interruptions; this is disclosed, but it needs clear user control.

User impact: Background or continuation behavior could keep modifying or investigating a project after the user thought the task had stopped.
Recommendation: Confirm which continuation hooks are enabled, learn the stop controls before use, and disable background/continuation features for sensitive repositories.

Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
SKILL.md
curl -fsSL https://opencode.ai/install | bash ... bunx oh-my-opencode install

The documented setup pipes an installer fetched over HTTPS straight into bash and runs the package through bunx without a version specifier, so each install executes whatever the server or registry serves at that moment. This is central to the stated purpose, but it places trust in external distribution channels.

User impact: Installing or diagnosing the plugin may execute code fetched from remote package/script sources.
Recommendation: Verify the package and repository, prefer pinned versions where possible, and avoid running installer commands in privileged shells.
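
One way to act on that recommendation, added here as an example and not code shipped by OpenCode or oh-my-opencode: download the installer to a file, compare its SHA-256 against a digest obtained out of band, refuse to continue on a mismatch or when running as root, and only then execute it. The URL is the one quoted above; the expected digest is a placeholder you must fill in yourself (the page publishes none), and the file name and the `ALLOW_ROOT` override are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded installer before executing it.
# EXPECTED_SHA256 is a placeholder; obtain the real digest from a channel
# you trust, not from the same server that serves the script.
set -u

# Portable SHA-256 of a file (sha256sum on Linux, shasum on macOS).
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 FILE EXPECTED_HEX -> exit 0 on match, 1 otherwise.
verify_sha256() {
  local actual
  actual=$(file_sha256 "$1") || return 1
  [ "$actual" = "$2" ]
}

# run_verified_installer SCRIPT EXPECTED_HEX
# Exit 2 on digest mismatch, 3 when invoked as root without ALLOW_ROOT=1
# (an assumed override for this example), otherwise runs the script with bash.
run_verified_installer() {
  local script=$1 expected=$2
  if ! verify_sha256 "$script" "$expected"; then
    echo "refusing to run $script: SHA-256 mismatch" >&2
    return 2
  fi
  if [ "$(id -u)" -eq 0 ] && [ "${ALLOW_ROOT:-0}" != "1" ]; then
    echo "refusing to run installer as root (set ALLOW_ROOT=1 to override)" >&2
    return 3
  fi
  bash "$script"
}

# Typical use; the network step is commented out so the block runs offline.
# EXPECTED_SHA256 must be replaced with the digest you verified out of band.
#   curl -fsSL -o /tmp/opencode-install.sh https://opencode.ai/install
#   run_verified_installer /tmp/opencode-install.sh "$EXPECTED_SHA256"
```

For the second command in the excerpt, bunx accepts an explicit version (`bunx oh-my-opencode@<version> install`) instead of resolving whatever the registry currently serves; pin it once you have reviewed that release.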
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium. Confidence: High. Status: Note.
scripts/doctor.sh
AUTH_LIST=$(opencode auth list 2>/dev/null || echo "")

The skill expects OpenCode provider authentication and the doctor script checks local auth status. This is expected for an LLM orchestration plugin, but it depends on provider account access.

User impact: The plugin will operate using whichever LLM provider accounts are authenticated in OpenCode, which may incur costs or expose project context to those providers.
Recommendation: Review authenticated providers, use least-privilege accounts where possible, and confirm billing/data policies before running autonomous tasks.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium. Confidence: High. Status: Note.
SKILL.md
Accumulates learnings across tasks ... Tracks progress across sessions (resume anytime)

The plugin stores or reuses task context across work items and sessions. That persistence is purpose-aligned, but it can preserve sensitive or stale project assumptions.

User impact: Plans, learnings, or remembered context may influence later agent actions and may contain sensitive project information.
Recommendation: Inspect persistent plan/state files, avoid storing secrets in prompts or plans, and clear project state when switching tasks or repositories.
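
A quick check for the "inspect persistent plan/state files" step, added here as an example and not part of the skill: grep the files the plugin writes for common credential shapes before they are reused in a later session or handed to another provider. The file paths are arguments you supply (the page does not say where oh-my-opencode keeps its state), the regex set is a small illustrative one, and the sample file in the usage comment is constructed.

```shell
#!/usr/bin/env bash
# Added example: scan persisted plan/state files for credential-like strings.
# The pattern list is illustrative, not exhaustive; extend it for your providers.
set -u

# Common credential shapes: AWS access key IDs, PEM private keys, GitHub
# personal access tokens, "sk-"-style API keys, and password= assignments.
SECRET_PATTERN='AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|ghp_[A-Za-z0-9]{36}|sk-[A-Za-z0-9_-]{20,}|[Pp]assword[[:space:]]*[=:][[:space:]]*[^[:space:]]+'

# scan_state_for_secrets FILE...
# Prints each matching line as file:line:text on stderr, prints the total
# number of matching lines on stdout, and returns 1 if anything matched.
scan_state_for_secrets() {
  local total=0 f n
  for f in "$@"; do
    [ -f "$f" ] || continue
    # grep -c prints the count and exits 1 when nothing matches.
    n=$(grep -E -c "$SECRET_PATTERN" "$f" 2>/dev/null) || n=0
    if [ "$n" -gt 0 ]; then
      grep -E -n -H "$SECRET_PATTERN" "$f" >&2
      total=$((total + n))
    fi
  done
  echo "$total"
  [ "$total" -eq 0 ]
}

# Typical use before resuming a session or switching repositories. The paths
# are assumptions; substitute wherever your configuration stores plans/state:
#   scan_state_for_secrets ./plans/*.md ./.opencode/*.json || echo "clean state before continuing"
```

Run it with the plan and state files the plugin actually uses; a non-zero return is the signal to scrub or delete the file rather than let the next session inherit it.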
Insecure Inter-Agent Communication
Severity: Medium. Confidence: High. Status: Note.
SKILL.md
delegate_task(subagent_type="explore", run_in_background=true, prompt="Find auth patterns...")

The artifacts document task delegation to subagents, including background execution. This is the core feature, but task prompts and code context may move between agents and model providers.

User impact: Sensitive code or project details may be shared with multiple delegated agents or providers during routing and fallback.
Recommendation: Check provider routing configuration, disable providers you do not want used, and avoid delegating tasks that include secrets or regulated data.