← Back to Skills Marketplace
164
Downloads
0
Stars
0
Active Installs
6
Versions
Install in OpenClaw
/install opencode-api
Description
透過 HTTP API 呼叫 OpenCode Server 進行 code review、程式碼分析與編碼任務。 涵蓋:Agents(4種模式+自訂代理)、Custom Tools(TypeScript)、Formatters(ruff/biome)、 Skills(載入技能)、SDK(完整 API,含結構化輸...
Usage Guidance
This skill is a reasonably coherent SDK for talking to an OpenCode server, but it explicitly expects to read project files, inject project context into sessions, and (via plugins/hooks) can set shell env vars and automatically add prompts. Before installing:
- Inspect the included scripts (scripts/opencode_*.py) to confirm they do only what you expect.
- Do not point the skill at remote provider endpoints or set API keys unless you trust the remote service; avoid entering secrets into prompts.
- Avoid using auto_start or auto-injecting hooks until you audit them; run the client in an isolated environment or VM first.
- Restrict OpenCode permissions (bash/read/edit) and deny webfetch/websearch if you want to limit outbound data flow.
- If you will use it with private repos, ensure sessions are not auto-shared and revoke any share URLs after use.
If you want a lower-risk test: run the client against a local, isolated OpenCode instance with no external providers and no saved creds, and verify behavior before enabling it for real projects.
Capability Analysis
Type: OpenClaw Skill
Name: opencode-api
Version: 2.2.0
The skill bundle provides a comprehensive Python SDK and CLI wrappers to interface with an 'OpenCode' server for automated code review and analysis. It possesses high-risk capabilities, including arbitrary shell execution (via the 'bash' tool), broad file system access (read/write/edit), and a session-sharing feature that uploads data to an external domain (opncd.ai). While these features are plausibly needed for the stated purpose of a coding assistant and the documentation includes security-conscious configurations (such as a permission system that defaults to denying access to .env files in references/permissions.md), the presence of these risky capabilities without clear malicious intent necessitates a suspicious classification according to the provided criteria. Specific files involved include opencode_client.py, opencode_task.py, and opencode_review.py.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description (OpenCode HTTP API for code review / agents / SDK / formatters) align with the included materials: SKILL.md, Python client scripts, and many reference docs describing the OpenCode HTTP API, sessions, agents and providers. The provided scripts and references are consistent with a client/SDK for a local OpenCode server and code-review workflows.
Instruction Scope
Runtime instructions explicitly tell the agent to import local scripts (sys.path.insert into C:/Users/admin/.openclaw/workspace/skills/opencode-api/scripts), to include precise local project paths and environment details in prompts, and to run tests via a project's .venv. Reference plugin examples include session-created hooks that automatically inject project context into sessions and shell hooks that set env vars. Those behaviors legitimately support code review, but they also instruct reading local filesystem context and automatically adding it to requests—this broad file/context access is significant and could leak secrets or sensitive code if misused or if a remote provider is configured.
Install Mechanism
No install spec — instruction-only with included Python scripts and many doc files. Nothing is downloaded from arbitrary URLs and there is no package-install step in the skill manifest. The presence of scripts means code will be present on disk when the skill is installed; that is expected for an SDK-style skill, but you should inspect those scripts before running.
Credentials
The skill does not declare required environment variables or credentials, which is plausible for a local HTTP API client. However the docs reference many optional environment variables and provider/API-key patterns (OPENCODE_SERVER_PASSWORD, MINIMAX_API_KEY, {env:MY_API_KEY}, remote MCP URLs). The ability to configure remote providers and pass API keys is necessary for cross-server model providers, but it means the skill can be pointed at remote endpoints that may receive project content—confirm any provider/API keys and endpoints before use.
Persistence & Privilege
always:false (no forced global inclusion). The skill includes examples of plugin hooks that run on session events (e.g., 'session.created' injecting context, 'shell.env' setting env vars) and notes that OpenCode can run bun install for plugins—these are normal plugin capabilities but give the skill potential to modify session behavior and auto-inject data. Autonomous invocation is allowed by default (platform default) and combined with hooks could broaden impact; however there is no explicit always:true or other privileged flag in the manifest.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install opencode-api - After installation, invoke the skill by name or use
/opencode-api - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.2.0
新增 code-review-prompt.md(11 面向審查框架);更新 opencode_review.py(完整 prompt + Minecraft-Translate 語境)
v2.1.0
全面重構:新增 sdk.md、agents.md、plugins.md、server.md;更新 api-reference、case-studies、models;精簡 SKILL.md 至 8KB;references/ 目錄化索引
v2.0.0
Fix: send_message() model parameter must be object {name,providerID,modelID,reasoningEffort} not string. Fixes HTTP 400 error.
v1.0.2
完整重建:opencode_client.py + opencode_review.py + opencode_task.py;同步全部 workspace
v1.0.1
重建並同步至全部 workspace
v1.0.0
opencode-api v1.0.0
- Initial release of the skill for integrating with OpenCode Server via HTTP API.
- Enables OpenClaw agents to automate code review and coding tasks.
- Supports flexible usage via Python scripts or direct module import.
- Provides multi-model and reasoning depth selection.
- Includes built-in error handling and auto-start of OpenCode Server.
- Comprehensive documentation and integration examples included.
Metadata
Frequently Asked Questions
What is OpenCode HTTP API?
透過 HTTP API 呼叫 OpenCode Server 進行 code review、程式碼分析與編碼任務。 涵蓋:Agents(4種模式+自訂代理)、Custom Tools(TypeScript)、Formatters(ruff/biome)、 Skills(載入技能)、SDK(完整 API,含結構化輸... It is an AI Agent Skill for Claude Code / OpenClaw, with 164 downloads so far.
How do I install OpenCode HTTP API?
Run "/install opencode-api" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenCode HTTP API free?
Yes, OpenCode HTTP API is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does OpenCode HTTP API support?
OpenCode HTTP API is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenCode HTTP API?
It is built and maintained by jlin53882 (@jlin53882); the current version is v2.2.0.
More Skills