ClawHub

opencode-session-reader-cn

Security checks across malware telemetry and agentic risk

Overview

The skill is a read-only OpenCode session database reader, but it can expose private conversations and points users toward credential-bearing tables without strong scoping or safeguards.

Review before installing. Use it only for local OpenCode session inspection, keep queries limited to session/message/part/project data, avoid account and control_account tables unless you explicitly intend credential administration, and do not paste raw message dumps, tokens, credentials, or full database outputs into shared chats or logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The skill explicitly mentions `account` and `control_account` as sensitive credential-bearing tables, even though its stated purpose is session retrieval, message viewing, and schema inspection. Calling out those tables expands the operator's attention toward secrets-adjacent data without a clear need or safety boundary, increasing the risk of unnecessary credential exposure during routine use.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The skill acknowledges the presence of sensitive credential tables but does not provide an upfront privacy/security warning before teaching broad database inspection patterns such as `.tables` and `.schema`. In context, this makes incidental discovery and querying of sensitive records more likely, especially because the skill is positioned as a general-purpose database reader across directories.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal