ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Opencode Guide

v1.0.0

协调并转达用户需求给 opencode 执行代码分析和修改,确保确认后异步使用自动回调脚本执行并汇报结果。

0· 74·1 current·1 all-time
by@wangning823-arch
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to be a coordinator for opencode tasks and includes callback helper scripts — that aligns with its description. However the package metadata declares no required binaries while the scripts clearly require an 'opencode' CLI (and use utilities like timeout/grep/sed and SKILL.md suggests jq). The SKILL.md and README also hardcode /home/root1 paths (e.g. /home/root1/.openclaw/scripts/...), which is inconsistent with the package's postinstall that copies scripts into the installing user's ~/.openclaw/scripts. These mismatches mean the skill may fail or behave unexpectedly on real systems.
!
Instruction Scope
Runtime instructions tell the agent to create files and call absolute paths under /home/root1/.openclaw, and to read session information from ~/.openclaw/agents/main/sessions/sessions.json. The scripts call a separate task-callback.sh (not included) and will parse opencode JSON output. The SKILL.md also emphatically tells the agent not to analyze or modify code itself and to always delegate — that’s a behavioral constraint but not enforceable. Reading session files (sensitive) and invoking callbacks are beyond a simple 'guide' and should be explicitly declared.
Install Mechanism
There is no external download; files ship in the package. package.json includes a postinstall that copies scripts into ~/.openclaw/scripts and a preuninstall cleanup. That will write files into the user's home during install (expected for helper scripts) but is a side-effect users should be aware of. There is no use of remote URLs or extracted archives.
!
Credentials
The skill declares no required env/credentials, but the instructions/scripts read or expect session keys and session files (~/.openclaw/agents/.../sessions.json) and call task-callback.sh with a session key. Accessing session files (which likely contain secrets/tokens) is sensitive behavior not declared in metadata. Also missing is declaration of needing the opencode CLI or jq, which are effectively required 'environment' dependencies.
Persistence & Privilege
always:false (good). The package will install scripts into the user's ~/.openclaw/scripts via postinstall, giving the skill persistent files on disk. The scripts invoke /home/root1/.openclaw/scripts/task-callback.sh (an absolute path), which is a surprising hardcoded dependency; if the install user differs from /home/root1 the calls will fail or behave unexpectedly. The skill does not attempt to modify other skills or system-wide agent settings in the provided files.
What to consider before installing
Before installing: - Expect the package to copy scripts into your home (~/.openclaw/scripts) during install. Review those scripts first. - The scripts expect an 'opencode' CLI and utilities (timeout, grep, sed); SKILL.md also suggests using jq to read sessions.json. The package metadata does not declare these — ensure you have them installed. - The scripts call /home/root1/.openclaw/scripts/task-callback.sh (absolute path) but that file is not included. Confirm where your task-callback.sh lives and edit the scripts to use $HOME or the correct path if needed. Hardcoded /home/root1 paths are fragile and could cause failures or unexpected behavior. - The workflow reads session data (~/.openclaw/agents/main/sessions/sessions.json) and passes session keys to a callback script to send notifications; sessions often contain sensitive tokens. Make sure you trust the callback mechanism and inspect task-callback.sh to verify it does not send these keys elsewhere. - The SKILL.md enforces an operational rule (“never run commands yourself, always delegate after user confirmation”), but that is an instruction only — the agent could still invoke the scripts autonomously. If you are concerned about autonomous modifications, restrict the agent's permissions or require explicit confirmation before any opencode run. If you proceed, audit and (if needed) patch the scripts to remove hardcoded paths, declare/verify dependencies, and confirm the callback implementation (task-callback.sh) is present and safe.

Like a lobster shell, security has layers — review code before you run it.

latestvk977fkqqcvbz7hcds8crxk2h3n843rhb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments