← Back to Skills Marketplace
653
Downloads
2
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install opencode-api-control-skill
Description
A powerful skill to control Open Code CLI via a local web server API. Allows executing commands, managing sessions, and automating code generation remotely i...
Usage Guidance
This package appears to do what it says: local orchestration of an OpenCode web server via included bash scripts. Before installing: 1) Review and trust the OpenCode server you will point to (127.0.0.1:4099) — if that server is configured with external providers (OpenAI, Anthropic, Gemini), user code or prompts may be sent to those providers; if you need strict local-only operation, ensure OpenCode is configured without external provider keys or bind the server to localhost only. 2) Inspect the scripts (they're included) to confirm the directories in config.json (projects_base_dir) are acceptable for where the skill will create/modify files. 3) Note the SKILL.md forbids directly reading project files, but the API exposes endpoints that can return file content — avoid using those endpoints if you don't want file contents transmitted. 4) Verify the package origin (registry metadata shows no source/homepage but README references a GitHub repo) — if provenance matters, fetch the code directly from the author’s repository and inspect it. 5) If you plan to use external providers, be explicit about what data may be transmitted and who can access it; otherwise keep OpenCode provider config empty or local-only.
Capability Analysis
Type: OpenClaw Skill
Name: opencode-api-control-skill
Version: 1.1.0
The OpenClaw AgentSkills skill bundle is classified as benign. All network communications are strictly local, targeting `http://127.0.0.1:4099` as configured in `config.json` and demonstrated in all `scripts/*.sh` and `Reference/*.md` files. File system operations are confined to managing project directories, skill state files (`./state/`), and a local log file (`opencode_server.log`). The `SKILL.md` actively guides the agent to use the provided API and scripts, and explicitly prohibits direct file manipulation for development tasks, indicating a defensive posture against prompt injection. The use of `nohup` in `scripts/start_server.sh` is for legitimate background persistence of the local OpenCode server. There is no evidence of data exfiltration, unauthorized remote control, obfuscation, or other malicious intent.
Capability Assessment
Purpose & Capability
Name/description match the implementation: the package contains bash helper scripts (start_server, send_message, monitor_session, get_diff, state management, provider selection) and the declared binaries (curl, jq, bash) are exactly what's needed. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md correctly instructs the agent to use the local API and provided scripts and to avoid reading/modifying project source files directly. However the API reference in the package documents endpoints that can return file contents (e.g., /file/content, /find), and the scripts and examples can initiate provider-backed model calls. The skill's guidance forbids direct file reads, but the capability to fetch file content via the API exists — so the agent (or user-run commands) could retrieve project files if those endpoints are used. Also the repository metadata in package (source unknown/homepage none) conflicts with README which points to a GitHub repo; that mismatch is likely packaging metadata oversight but worth noting.
Install Mechanism
This is instruction-and-script-only (no remote downloads or extract steps). The SKILL.md install step only chmods scripts and warns on missing jq. No external installers, no downloaded archives or execution of remote code are present in the package.
Credentials
The skill does not request environment secrets itself. However it intentionally orchestrates OpenCode, which may be configured (outside this skill) with provider API keys; using non-local providers will cause project contents (or prompts containing sensitive content) to be transmitted to those provider services. The skill explains provider usage and selection, so this is expected behavior but important for users holding sensitive code/data.
Persistence & Privilege
always:false and default autonomous invocation are normal. The skill writes only to its own directory (state/, opencode_server.log) and to project directories defined in config.json. It does not attempt to modify other skills or global agent configuration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install opencode-api-control-skill - After installation, invoke the skill by name or use
/opencode-api-control-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
- Added a new script: scripts/start_server.sh for initializing the OpenCode server in a robust/backgrounded way.
- Updated documentation and workflow to recommend starting the server via start_server.sh for improved reliability.
- Clarified and streamlined server initialization/health-check instructions.
- Added a task initiation protocol, prompting for provider and monitoring choices before starting tasks.
- Improved config and metadata structure (updated author, required binaries).
- Minor clarifications and best practices for workflow and monitoring.
v0.1.0
Initial release of OpenCode-CLI-Controller: remote orchestration for Open Code via local web API.
- Enables command execution, session management, and automation of code generation/remotely within a local network.
- Clearly defines the orchestrator role: you supervise and communicate with OpenCode, but never read/modify project files directly.
- Provides detailed operational guidelines and anti-patterns to ensure all interactions occur through the API or provided scripts.
- Includes best practices for server initialization, session handling, and intelligent task monitoring.
- Offers examples and scripts for common workflows: verifying server health, updating providers, creating/selecting projects, managing sessions, and reporting diffs without file content access.
Metadata
Frequently Asked Questions
What is OpenCode CLI API Controller?
A powerful skill to control Open Code CLI via a local web server API. Allows executing commands, managing sessions, and automating code generation remotely i... It is an AI Agent Skill for Claude Code / OpenClaw, with 653 downloads so far.
How do I install OpenCode CLI API Controller?
Run "/install opencode-api-control-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenCode CLI API Controller free?
Yes, OpenCode CLI API Controller is completely free (open-source). You can download, install and use it at no cost.
Which platforms does OpenCode CLI API Controller support?
OpenCode CLI API Controller is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenCode CLI API Controller?
It is built and maintained by Malek Rsh (@malek262); the current version is v1.1.0.
More Skills