OpenCode Zen - Check Free Models

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: opencode-zen-check-free-models
Version: 1.0.0

The skill fetches remote HTML from `opencode.ai` via `curl` and instructs the agent to parse it to update local configuration files (`config.yaml`) and environment variables. This pattern is highly susceptible to indirect prompt injection, where a remote webpage could provide malicious instructions or configurations to the agent. Furthermore, the explicit mention of "stealth models" and the specific identifier `big-pickle` in `SKILL.md` is highly irregular and potentially points to a model-redirection attack or an attempt to trick the user into using an untrusted model provider.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note, High Confidence
ASI08: Cascading Failures
What this means

Accepting the prompt could change which model OpenClaw uses across several workflows.

Why it was flagged

A default model change can affect multiple agent functions, but the skill says it should ask the user before making the change.

Skill content

Would you like me to set `[Model ID]` as your new default model for OpenClaw (for all Agents, Compaction, and Heartbeat)?

Recommendation

Verify the model ID on the official pricing page and understand the scope of the change before confirming.

What this means

A mistaken or overly broad update could alter the user's OpenClaw behavior until reverted.

Why it was flagged

The skill can mutate local configuration or environment settings. This is aligned with the stated purpose and gated on user confirmation, but the exact target file/setting is not tightly specified.

Skill content

Update the local OpenClaw configuration file in the workspace (e.g., `config.yaml`) or set the relevant environment variables to the new model ID.

Recommendation

Ask the agent to show the exact file, setting, and diff before applying any change, and keep a backup if possible.

What this means

The skill may stop notifying about models already recorded in the local state file.

Why it was flagged

The skill stores persistent workspace state that influences future prompts. The state is scoped and not described as sensitive.

Skill content

Save the newly updated list of free models as a JSON array to `./zen_seen_models.json` in the workspace to ensure the user is not prompted again for these specific models.

Recommendation

Delete or inspect `zen_seen_models.json` if you want to reset the skill's memory of seen models.

What this means

Users have less external context for who authored or maintains the skill.

Why it was flagged

The registry metadata does not provide a source repository or homepage for provenance review. No install code is present, so this is a provenance note rather than a concrete unsafe behavior.

Skill content

Source: unknown; Homepage: none

Recommendation

Prefer skills with clear source links when possible, or review the full SKILL.md before use.