ClawHub

Opencode-controller

v1.0.0

Control and operate Opencode via slash commands. Use this skill to manage sessions, select models, switch agents (plan/build), and coordinate coding through Opencode.

72· 17.5k·169 current·180 all-time
byJuly@karatla
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Opencode control via slash commands) aligns with the instructions: start Opencode, use /sessions, /agents, /models and coordinate Plan/Build. No unrelated binaries, installs, or env vars are requested.
Instruction Scope
The SKILL.md stays within the stated purpose (session, agent and model selection, Plan/Build workflows). One noteworthy behavior: it explicitly instructs the agent to copy Opencode-generated login URLs and send them to the user verbatim — this is coherent for provider authentication, but forwarding raw login links can expose embedded tokens if present, so handle links conservatively.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes disk writes and arbitrary code execution risk.
Credentials
The skill requests no environment variables, credentials, or config paths. The authentication flow relies on the user and Opencode UI rather than supplied secrets, which is proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill does not request system-wide changes or persistent privileges. It also does not attempt to modify other skills or agent configurations.
Assessment
This skill is coherent and low-risk because it's instruction-only and requests no credentials or installs. Before using it: ensure you trust the Opencode instance it will operate, and be careful when copying or sharing any login URLs — check whether the URL contains session tokens or one-time auth codes before forwarding. Only approve authentication flows you initiated, and avoid pasting provider tokens into untrusted chat windows or third-party services.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d36mm7y6zvt34xgrp94tq4h803q69

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments