opencode-client

Security checks across malware telemetry and agentic risk

Overview

This is a mostly coherent OpenCode CLI handbook, but it gives broad coding-agent, shell, permission, file, and server-control authority without enough user-control guidance.

Install only if you trust and have verified the `oho` CLI you will run. Require explicit approval before shell commands, permission approvals, sharing or deleting sessions, attaching local files, changing provider credentials, or starting network-facing services; replace the sample password with a real secret-handling method and monitor async sessions or MCP/server processes you start.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 79%
Finding
The documentation includes a destructive deletion command without any confirmation, warning, or recovery guidance. In an agent skill context, that increases the chance an automated system or user will irreversibly delete sessions or data through prompt ambiguity or misuse.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill advertises shell-command execution from the messaging interface without any safety guidance, scope limitation, or trust boundary explanation. In an agent-driven environment, this can normalize arbitrary command execution against the host or workspace and materially increase the risk of destructive actions, credential exposure, or lateral movement.

Missing User Warnings

Medium
Confidence: 87%
Finding
The instructions recommend force-killing processes with `pkill -9` but do not warn about abrupt termination, corrupted state, or loss of in-flight work. In an operations skill, this can cause service disruption and accidental data loss when followed automatically or by inexperienced users.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation hard-codes a server password in a startup command, exposing a credential handling anti-pattern. Even if presented as an example, embedding plaintext secrets in skill content encourages credential leakage into shell history, process listings, logs, screenshots, and downstream copies.

VirusTotal

VirusTotal findings are pending for this skill version.
