Skill v2.3.0

ClawScan security

Free Buddy Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 20, 2026, 5:55 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose — querying opencode.ai for free models and updating the local WorkBuddy models.json — and it does not request unrelated credentials or perform hidden network activity.
Guidance
This skill appears to do exactly what it says: query opencode.ai's public models endpoint and add free models to your WorkBuddy config (~/.workbuddy/models.json). Before installing or letting an agent run it autonomously: (1) back up your existing ~/.workbuddy/models.json, (2) review the included script (update-free-models.py) to confirm behavior, (3) confirm you trust opencode.ai as the endpoint, and (4) prefer running the script manually first to see what it would add. If you do allow autonomous invocation, be aware the agent may run the script and change your local WorkBuddy model list without additional prompts.
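The checks recommended above (back up ~/.workbuddy/models.json, see what would be added before anything is written, and refuse to write in non-interactive mode without an explicit opt-in) as a small dry-run helper. This is an added example, not the skill's own update-free-models.py. It assumes a response shape and a models.json layout that this page does not document: a "data" list of models with an "id" and a "cost" object whose zero "input"/"output" mark a free model, and a config keyed by model id. The endpoint URL, the config path and the literal "public" key come from the page; the sample response is constructed so the script runs offline.

```python
"""Dry-run helper for the free-model update described above.

Added example, not the skill's update-free-models.py. Assumed (not on the
page): /zen/v1/models returns {"data": [{"id": ..., "cost": {"input": n,
"output": n}}, ...]} with 0 meaning free, and models.json is a JSON object
keyed by model id. Adjust both to the real formats before relying on it.
"""
import json
import os
import shutil
import sys
import time
from pathlib import Path
from typing import Optional

MODELS_URL = "https://opencode.ai/zen/v1/models"  # from the page; not fetched here
CONFIG_PATH = Path.home() / ".workbuddy" / "models.json"

# Constructed sample response in the assumed shape, used instead of a live fetch.
SAMPLE_RESPONSE = {
    "data": [
        {"id": "free-small", "cost": {"input": 0, "output": 0}},
        {"id": "paid-large", "cost": {"input": 1.5, "output": 3.0}},
        {"id": "free-vision", "cost": {"input": 0, "output": 0}},
        {"id": "no-cost-field"},  # unknown pricing must not be treated as free
    ]
}


def is_free(model: dict) -> bool:
    """A model counts as free only when both prices are present and exactly zero."""
    cost = model.get("cost")
    if not isinstance(cost, dict):
        return False
    return cost.get("input") == 0 and cost.get("output") == 0


def select_free_models(response: dict) -> dict:
    """Return {model_id: config entry} for free models, skipping malformed items.

    The "public" api_key mirrors what the page says the script uses for the
    public endpoint; the rest of the entry layout is an assumption.
    """
    free = {}
    for model in response.get("data", []):
        model_id = model.get("id") if isinstance(model, dict) else None
        if isinstance(model_id, str) and is_free(model):
            free[model_id] = {"provider": "opencode", "api_key": "public", "cost": model["cost"]}
    return free


def plan_update(existing: dict, free: dict) -> dict:
    """Compute the change without touching disk.

    additions: ids not yet in the config. conflicts: ids already present whose
    stored entry differs; these are reported, never silently overwritten.
    """
    additions = {k: v for k, v in free.items() if k not in existing}
    conflicts = sorted(k for k in free if k in existing and existing[k] != free[k])
    return {"additions": additions, "conflicts": conflicts}


def backup_config(path: Path) -> Optional[Path]:
    """Copy the config aside with a timestamp; returns None if there is nothing to back up."""
    if not path.exists():
        return None
    backup = path.with_name(f"{path.name}.{time.strftime('%Y%m%dT%H%M%S')}.bak")
    shutil.copy2(path, backup)
    return backup


def apply_update(path: Path, existing: dict, additions: dict) -> dict:
    """Merge additions only and replace the file atomically (no partial writes)."""
    merged = dict(existing)
    merged.update(additions)
    tmp = path.with_name(path.name + ".tmp")
    tmp.write_text(json.dumps(merged, indent=2, sort_keys=True) + "\n")
    os.replace(tmp, path)
    return merged


def main(argv=None) -> int:
    args = set(sys.argv[1:] if argv is None else argv)
    existing = json.loads(CONFIG_PATH.read_text()) if CONFIG_PATH.exists() else {}
    free = select_free_models(SAMPLE_RESPONSE)  # swap in a real fetch of MODELS_URL
    plan = plan_update(existing, free)
    print(f"Would add {len(plan['additions'])} model(s): {sorted(plan['additions'])}")
    if plan["conflicts"]:
        print(f"Already present with different settings, left untouched: {plan['conflicts']}")
    if "--apply" not in args:
        return 0  # default is a dry run: nothing is written
    if sys.stdin.isatty():
        if input("Write these changes to models.json? [y/N] ").strip().lower() != "y":
            return 1
    elif "--yes" not in args:
        print("Non-interactive run: refusing to modify the config without --yes")
        return 1
    print(f"Backup: {backup_config(CONFIG_PATH)}")
    apply_update(CONFIG_PATH, existing, plan["additions"])
    return 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Run it with no arguments to see the planned additions; `--apply` writes only after a confirmation on a terminal, and an agent running it non-interactively also has to pass `--yes`, so an autonomous invocation cannot silently change the config the way the guidance warns about.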

Review Dimensions

Purpose & Capability
ok
The name/description promise (detect and configure opencode.ai free models into WorkBuddy) aligns with the included code and SKILL.md: the script queries https://opencode.ai/zen/v1/models, filters free models, and writes entries into ~/.workbuddy/models.json. No unrelated capabilities (cloud creds, other services) are requested.
Instruction Scope
note
Instructions and the script explicitly read and write the user's WorkBuddy config (~/.workbuddy/models.json). This is in-scope for a configuration helper, but it is an operation that modifies local user config files. The script prompts for confirmation in interactive mode and defaults to not modifying in non-interactive mode, which reduces risk.
Install Mechanism
ok
There is no install spec that downloads external code at install time. The repository supplies a Python script bundled with the skill; running it causes local I/O but no external code downloads or obscure installers.
Credentials
ok
The skill requests no environment variables or secrets. It uses the literal string "public" as an API key for public endpoints, consistent with the SKILL.md. There are no unrelated credential requests.
Persistence & Privilege
ok
The skill is not marked always:true and does not attempt to modify other skills or system-wide agent settings. It does modify a per-user WorkBuddy config file, which is expected for its purpose. Note that the platform default allows autonomous invocation; the agent could run this skill and update the config if permitted.