by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill is coherent and low-risk because it's instruction-only and requests no credentials or installs. Before using it: ensure you trust the Opencode instance it will operate, and be careful when copying or sharing any login URLs — check whether the URL contains session tokens or one-time auth codes before forwarding. Only approve authentication flows you initiated, and avoid pasting provider tokens into untrusted chat windows or third-party services.详细分析 ▾
✓ 用途与能力
The name/description (Opencode control via slash commands) aligns with the instructions: start Opencode, use /sessions, /agents, /models and coordinate Plan/Build. No unrelated binaries, installs, or env vars are requested.
ℹ 指令范围
The SKILL.md stays within the stated purpose (session, agent and model selection, Plan/Build workflows). One noteworthy behavior: it explicitly instructs the agent to copy Opencode-generated login URLs and send them to the user verbatim — this is coherent for provider authentication, but forwarding raw login links can expose embedded tokens if present, so handle links conservatively.
✓ 安装机制
No install spec and no code files — instruction-only. This minimizes disk writes and arbitrary code execution risk.
✓ 凭证需求
The skill requests no environment variables, credentials, or config paths. The authentication flow relies on the user and Opencode UI rather than supplied secrets, which is proportionate to the stated purpose.
✓ 持久化与权限
always is false and the skill does not request system-wide changes or persistent privileges. It also does not attempt to modify other skills or agent configurations.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/1/29
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install opencode-controller
镜像加速npx clawhub@latest install opencode-controller --registry https://cn.longxiaskill.com