Back to skill
Skillv2.2.1
VirusTotal security
OpenCode ACP Control v2 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:12 AM
- Hash
- 46e949edd8faefdda0adedef1c265b5ded100e4d2de663d7cf8bb7a38f6932ad
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: opencode-acp-control-v2 Version: 2.2.1 The skill bundle provides a framework for controlling the OpenCode Agent Client Protocol (ACP), which requires high-risk capabilities including background process execution and shell-based file manipulation. Specifically, SKILL.md and opencode-session.sh instruct the agent to execute shell commands like 'rm -f' and 'find' to manage lock files in the ~/.openclaw directory. While these actions are plausibly necessary for the stated purpose of session recovery and management, the reliance on broad shell execution and the instruction for the AI to manage its own process lifecycle constitute a significant attack surface without robust input sanitization.
- External report
- View on VirusTotal