Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
opencode-session-toolkit
v1.0.0Read the local OpenCode SQLite database, run cross-directory session queries, and export sessions to Markdown files.
⭐ 0· 59·0 current·0 all-time
byWu Fei@wufei-png
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose (read OpenCode DB and export sessions) matches the included code and SKILL.md. However, the registry metadata claims no required binaries or environment variables while the SKILL.md and the script rely on the local `opencode` CLI to resolve the DB path and the examples rely on `sqlite3`, `column`, and standard shell utilities; that mismatch is unexpected and may cause runtime failures or hidden dependencies.
Instruction Scope
The runtime instructions and the bundled Python script stay within the stated scope: they resolve a local DB path, open the database read-only, run queries, and write Markdown files. There are no network endpoints, secret exfiltration, or commands that read unrelated system configuration. The SKILL.md does include examples that search message JSON (which may contain sensitive session content) — expected for this purpose but worth noting.
Install Mechanism
There is no install spec (instruction-only plus a bundled Python script). The script is pure-Python and uses stdlib modules; nothing is downloaded from external URLs. This is a low-risk install model. One oddity: the script shebang uses "#!/usr/bin/env -S uv run --script" which is unusual and may not work on many systems; the SKILL.md recommends running the script directly with a Python interpreter.
Credentials
No credentials or secrets are requested (good). But the skill implicitly depends on local tools and env vars (opencode CLI, possibly sqlite3, XDG_DATA_HOME/HOME) while the registry metadata lists none — an omission that reduces transparency. The script itself does not access environment variables beyond standard XDG/HOME resolution and does not transmit data externally.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide persistence or modify other skills. The agent config (agents/openai.yaml) allows implicit invocation, which is common and expected; this is not a standalone red flag here.
What to consider before installing
This skill appears to implement exactly what it says (read a local OpenCode SQLite DB and export sessions), but verify a few things before you install/use it: 1) The SKILL.md and script call the local `opencode` CLI to resolve the DB path (and examples use `sqlite3`, `column`, `date`) — make sure those tools are present and trustworthy; the registry metadata failing to list them is an omission. 2) The script opens the DB read-only (good), but exported sessions may contain sensitive chat/message contents — review the output location and use filters (or avoid --all) if you don't want to export everything. 3) The script requires Python 3.11+ per its header and the shebang is unusual; run it explicitly with a known Python interpreter (python3.11 ./scripts/export_opencode_sessions.py --output-dir <dir> [filters]). 4) If you want higher assurance, inspect the included script (scripts/export_opencode_sessions.py) yourself and test it in a safe/isolated environment. If the metadata were corrected to list the external CLI dependencies and clarify the Python requirement, the coherence concerns would be resolved.Like a lobster shell, security has layers — review code before you run it.
latestvk97e27j0meq11427jqcmy5ya7x83hh1k
License
MIT-0
Free to use, modify, and redistribute. No attribution required.