Back to skill

Security audit

opencode-session-toolkit-cn

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it locally reads and exports OpenCode session history, but those exports may contain private conversation and project data.

Install this only if you want an agent to inspect or export local OpenCode history. Prefer narrow filters such as session, project, title, directory, or date range; avoid --all unless you intend a full export; keep generated Markdown private; review and redact it before sharing; and ensure the local opencode and uv commands on PATH are trusted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill encourages reading raw message JSON and exporting sessions to Markdown, which can contain sensitive conversation history, filesystem paths, project identifiers, and possibly credentials or tokens referenced in messages. Although the notes later mention that account tables contain sensitive credentials, the export and inspection workflow does not prominently warn that generated files and console output may themselves leak private data.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill enables implicit invocation with no visible trigger constraints or scoping, so an agent may call it automatically in situations the user did not clearly intend. Because this skill reads and exports local OpenCode session data, ambiguous activation increases the chance of unintended access to sensitive local conversation history or metadata.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This tool exports full OpenCode session transcripts, including message content and tool payloads, to Markdown on disk without any explicit warning, confirmation, or protective defaults around sensitive data exposure. In the context of an agent-session export utility, transcripts may contain secrets, internal paths, tokens, prompts, or proprietary code, so silent bulk export increases the chance of accidental data disclosure.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.