Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenCode Game Builder
v1.0.0
Spawn OpenCode as an ACP (Agent Client Protocol) subagent for complex coding tasks. Use when building games, web apps, multi-file projects, or when the user...
⭐ 0· 12·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Name and description (spawn an OpenCode ACP subagent for multi-file/game projects) match the instructions: the SKILL.md shows how to spawn an ACP subagent (sessions_spawn) and describes coding-focused capabilities. That said, the SKILL.md references provider API keys and environment variables for AI providers even though the skill metadata declares no required env vars or credentials.
Instruction Scope
The instructions tell the agent to spawn subagents with arbitrary cwd paths, and explicitly state OpenCode has full filesystem access, can execute shell commands, and perform git operations. They also advertise session sharing and creation of shareable links but do not explain where or how links are hosted. Those behaviors are within scope for a coding agent but materially expand what the agent will do with user data (read/write/execute and potentially publish/share). The SKILL.md does not constrain or clarify what data may be transmitted externally.
Install Mechanism
Instruction-only skill with no install spec and no code files. That minimizes on-disk installation risk; nothing will be automatically downloaded or written by the skill itself.
Credentials
The documentation references setting API keys via 'opencode providers' or environment variables (for OpenAI, Anthropic, Gemini, local models, etc.) but the skill declares no required env vars or primary credential. This mismatch is notable: the agent may prompt/require provider credentials at runtime or expect them in the environment, so the skill's metadata understates credential needs. Additionally, because the agent can read arbitrary paths, it could access files that contain secrets if run in user home/workspace.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and uses normal autonomous invocation settings (disable-model-invocation: false). However, the runtime behavior (spawning a subagent that can run shell commands and read/write files) gives the subagent high privilege over user files while it runs. Autonomous invocation is expected for skills, but combined with broad filesystem and sharing capabilities it increases potential blast radius.
What to consider before installing
This skill appears to be a legitimate coding subagent, but there are important mismatches and risks to consider before installing:
- Source verification: there's no homepage or known source. Verify the OpenCode implementation (official repo or vendor) before trusting it.
- Secrets and API keys: the documentation expects provider API keys but none are declared in the metadata. Do not put secrets in paths you allow the subagent to use; prefer scoped service accounts or ephemeral keys.
- Filesystem exposure: the subagent can read/write files and run shell commands. When testing, use an isolated project directory (not your home or repositories containing credentials).
- Session sharing / external links: the skill advertises shareable session links but doesn't name the hosting/service. Assume sharing may transmit code off-host; avoid using share features with proprietary code unless you confirm where shares go and how they are secured.
- Operational controls: if possible, restrict autonomous invocation, review spawned subagent activity, and audit any created network endpoints. Ask the publisher for source code, a reproducible install, and details on session-sharing endpoints and privacy practices.
If you can't verify the source and behavior, run OpenCode only from a trusted upstream repo or in a sandboxed environment. If you decide to proceed, monitor file and network activity and avoid exposing secrets.
Like a lobster shell, security has layers — review code before you run it.
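As an added example (not code from this listing, from ClawHub, or from the OpenCode project), here is a pre-flight script that implements the precautions above before handing a working directory to a subagent with shell and filesystem access: it refuses a directory that is the home directory or contains it, scans the tree for credential-looking files by name and content, and launches the command with provider API-key variables stripped from the child environment. The environment variable names and the secret patterns are assumptions made for the example; extend them to match the providers and file types you actually use.

```python
"""Pre-flight checks before handing a working directory to a subagent that has
full filesystem and shell access, as the scan above describes for OpenCode.

Added example; not code from the ClawHub listing or the OpenCode project.
Assumed for the example: the provider env var names below, and the
secret-file name/content patterns, which are a conservative starting list.
"""
import os
import re
import subprocess
import sys
import tempfile
from pathlib import Path

# Provider credential variables the subagent should not inherit (names assumed).
PROVIDER_KEY_VARS = ("OPENAI_API_KEY", "ANTHROPIC_API_KEY", "GEMINI_API_KEY", "GOOGLE_API_KEY")

# File names that usually hold credentials (assumed starting list).
SECRET_FILE_PATTERNS = tuple(re.compile(p) for p in (
    r"^\.env(\..*)?$", r"^id_(rsa|ed25519|ecdsa)$", r".*\.pem$",
    r"^credentials(\.json)?$", r"^\.npmrc$", r"^\.netrc$",
))

# Content that looks like a key: sk-style prefixes, AWS access key IDs, or a
# long value assigned to something named key/secret/token.
SECRET_CONTENT = re.compile(
    r"sk-[A-Za-z0-9_-]{16,}"
    r"|AKIA[0-9A-Z]{16}"
    r"|(?i:api[_-]?key|secret|token)\s*[=:]\s*['\"]?[A-Za-z0-9_-]{16,}"
)


def find_secret_files(root):
    """Paths (relative to root) that look credential-bearing by name or content."""
    root = Path(root)
    hits = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or ".git" in path.parts:
            continue
        suspicious = any(p.match(path.name) for p in SECRET_FILE_PATTERNS)
        if not suspicious and path.stat().st_size < 512_000:
            try:
                suspicious = bool(SECRET_CONTENT.search(path.read_text(errors="ignore")))
            except OSError:
                continue
        if suspicious:
            hits.append(str(path.relative_to(root)))
    return hits


def is_isolated_workdir(workdir, home=None):
    """False if workdir is the home directory itself or one of its ancestors (e.g. /)."""
    w = Path(workdir).resolve()
    h = Path(home or Path.home()).resolve()
    return w != h and w not in h.parents


def scrubbed_env(base=None):
    """Environment copy with provider credentials (and any *_API_KEY / *_TOKEN) removed."""
    env = dict(os.environ if base is None else base)
    for name in list(env):
        if name in PROVIDER_KEY_VARS or name.endswith(("_API_KEY", "_TOKEN")):
            env.pop(name)
    return env


def preflight(workdir, home=None):
    """Return (ok, problems); ok is False when the workdir fails any check."""
    problems = []
    if not is_isolated_workdir(workdir, home):
        problems.append(f"{workdir} is the home directory or contains it")
    problems.extend(f"secret-looking file in workdir: {f}" for f in find_secret_files(workdir))
    return not problems, problems


def launch(cmd, workdir, home=None):
    """Run cmd in workdir with a scrubbed environment, refusing if preflight fails."""
    ok, problems = preflight(workdir, home)
    if not ok:
        raise RuntimeError("refusing to launch: " + "; ".join(problems))
    return subprocess.run(cmd, cwd=workdir, env=scrubbed_env(), check=False)


def make_demo_workdir():
    """Constructed sample tree: one clean file and two credential-looking ones."""
    d = Path(tempfile.mkdtemp(prefix="subagent-demo-"))
    (d / "main.py").write_text("print('hello')\n")
    (d / ".env").write_text("OPENAI_API_KEY=sk-constructedexamplevalue0000\n")  # constructed, not a real key
    (d / "notes.txt").write_text("token = 'constructedexampletokenvalue'\n")  # constructed
    return str(d)


if __name__ == "__main__":
    demo = make_demo_workdir()
    ok, problems = preflight(demo)
    print("preflight ok:", ok)
    for p in problems:
        print("  -", p)
    # A clean tree passes, and the child sees no provider key even if the parent had one:
    clean = tempfile.mkdtemp(prefix="subagent-clean-")
    os.environ["OPENAI_API_KEY"] = "sk-parentprocesskey000000000"  # constructed
    launch([sys.executable, "-c",
            "import os; print('child sees key:', 'OPENAI_API_KEY' in os.environ)"], clean)
```

The scrubbing is deliberately done on the child environment rather than by unsetting variables in your shell, so a subagent that genuinely needs a provider key can be given a scoped or ephemeral one explicitly (for example by adding it back to the dict returned by scrubbed_env) instead of inheriting whatever the parent session happens to hold.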
latest: vk972cd3ekw19h2mf6pdnepbgmd84cayb
