opencode-acp-control
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill explicitly instructs the agent to perform manual updates using the command curl -fsSL https://opencode.dev/install | bash. This pattern downloads and executes unverified code from a remote server directly into the system shell, which is a major security risk.
- [COMMAND_EXECUTION]: The skill makes extensive use of the bash tool to manage background processes and sessions. This grants the agent the ability to execute arbitrary shell commands, which could be abused if the agent is misled into executing malicious inputs.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection through its communication protocol.
  - Ingestion points: Data enters the agent context through process.poll(sessionId), as described in SKILL.md.
  - Boundary markers: While the skill uses a JSON-RPC structure, it lacks instructions to the agent to disregard instructions embedded in the streamed data from the OpenCode process.
  - Capability inventory: The skill has access to the bash, process.write, and process.kill tools.
  - Sanitization: There is no evidence of sanitization or filtering applied to the external content before it is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from https://opencode.dev/install. DO NOT USE without thorough review.
- AI detected serious security threats
Audit Metadata