ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Opencode Acp Control

v0.1.1

Control OpenCode directly via the Agent Client Protocol (ACP). Start sessions, send prompts, resume conversations, and manage OpenCode updates.

5· 1k·3 current·4 all-time
byBastian Berrios Alarcon@studio-hakke
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The SKILL.md clearly implements an ACP client that starts and talks to a local 'opencode' process — this is coherent with the name/description. However, the registry metadata lists no required binaries, while the runtime instructions assume a local 'opencode' executable and agent process controls (bash, process.write/poll/kill). The skill therefore implicitly requires the 'opencode' binary and agent process-handling primitives even though they are not declared.
Instruction Scope
Instructions are explicit and narrowly scoped to starting an opencode process, sending JSON-RPC messages, polling for responses, listing/resuming sessions, and killing the process. They do not instruct reading arbitrary system files or contacting external endpoints beyond the documented GitHub/protocol links. The initialize payload asks to advertise fs read/write and terminal capabilities, which is appropriate for interacting with a code project but means the agent may read/write files inside the project workdir.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest-risk install mechanism. Nothing will be downloaded or written by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested, which matches the skill being a local control adapter. That said, the initialize payload in the instructions advertises filesystem read/write capability and terminal access; the skill will therefore operate on files under the specified project workdir even though no config paths were declared. If you plan to run this, expect the agent to have access to the project directory you point it at.
Persistence & Privilege
The skill is not marked always:true and uses default autonomous invocation. It does not request any elevated or persistent platform privileges in the metadata. Runtime behavior is limited to starting/killing a subprocess for OpenCode.
Assessment
This skill is an instruction-only adapter for controlling a local 'opencode' process via ACP and is generally coherent with its purpose. Before installing or using it: 1) ensure you have the 'opencode' binary installed and trust it — the SKILL.md assumes it exists but the skill metadata doesn't declare it; 2) be aware the skill's runtime flow implies the agent may read/write files in whatever project workdir you supply (so don't point it at sensitive directories); 3) review the linked GitHub repo (https://github.com/bjesuiter/opencode-acp-skill) if you want to validate behavior; 4) don't provide unrelated secrets or global credentials — the skill doesn't need them; 5) note small metadata mismatches (SKILL.md version vs _meta.json) which suggest the package metadata may be out of sync — not necessarily malicious but worth a quick sanity check.

Like a lobster shell, security has layers — review code before you run it.

latestvk978wsyve09t36kb1fxz2k93gx81edjz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments