Opcode

Name: Opcode
Author: rendis

Description

Zero-token execution layer for AI agents. Define workflows once, run them free forever — persistent, scheduled, deterministic. 6 MCP tools over SSE. Supports DAG-based execution, 6 step types (action, condition, loop, parallel, wait, reasoning), 26 built-in actions, ${{}} interpolation, reasoning nodes for human-in-the-loop decisions, and secret vault. Use when defining workflows, running templates, checking status, sending signals, querying workflow history, or visualizing DAGs.

Usage Guidance

This package implements a full local workflow runtime that can execute shell commands, read/write files, and access the network — that's expected for its purpose but also high-risk if installed blindly. Key points before installing: (1) Registry metadata and the SKILL.md disagree — SKILL.md requires Go/toolchain and the OPCODE_VAULT_KEY secret (which the docs call 'root-equivalent'), so do not trust the registry's 'no env vars' claim. (2) The install instructions run `go install` to fetch/build code from GitHub and the runtime downloads a helper binary into ~/.opcode — inspect the GitHub repository and release history before running that command. (3) Default configuration is permissive (no deny-lists, open network egress); if you proceed, run the daemon under a dedicated low-privilege user, set DenyPaths/WritablePaths, restrict outbound network (proxy/firewall), enable the least-privilege settings, and do not put OPCODE_VAULT_KEY into settings.json. (4) If you cannot audit the upstream repo or do not want a persistent local daemon with a secrets vault, consider running in an isolated VM/container or avoid installing. Additional information that would increase confidence: a verified homepage/repository owner, a release tag/commit to inspect, and registry metadata that matches SKILL.md requirements.

Capability Analysis

Type: OpenClaw Skill Name: opcode Version: 1.2.2 The OpenClaw AgentSkills bundle for 'opcode' is classified as suspicious due to its inherent high-risk capabilities, which, while intended for an automation engine, create significant attack surface. The `shell.exec` action (documented in SKILL.md and references/actions.md) allows arbitrary command execution, effectively providing Remote Code Execution (RCE) primitive. Similarly, `fs.*` actions grant broad filesystem access, and `http.*` actions enable arbitrary network requests. The documentation (references/operations.md) explicitly states that the default security model is permissive for filesystem and network access, meaning these powerful capabilities are enabled by default without explicit hardening. While there is no evidence of intentional malice in the provided files (e.g., no prompt injection against the agent, no direct exfiltration commands), the combination of these features makes the skill a critical vulnerability vector if workflows are not carefully designed or if they process untrusted input.

Capability Assessment

⚠ Purpose & Capability

The SKILL.md implements a full local workflow runtime (daemon, SSE, secret vault, filesystem and shell actions, HTTP requests) which is coherent with the 'execution layer for AI agents' description. However the registry metadata at the top of the package lists no required env vars, binaries, or install steps while SKILL.md metadata explicitly requires Go 1.25+, CGO_ENABLED=1, gcc/clang and names OPCODE_VAULT_KEY as the primary env — a clear inconsistency between declared requirements and the runtime instructions.

ℹ Instruction Scope

The runtime instructions direct the user to install and run a persistent local daemon that listens on TCP (default :4100), writes ~/.opcode (DB, settings, pidfile), downloads an auxiliary tool, and exposes MCP over SSE and an optional web panel. The workflow actions include fs.read/fs.write, shell.exec (arbitrary commands), and http.request. These capabilities are expected for a workflow engine, but they give broad access to files, processes, and network egress; defaults are permissive unless you explicitly configure deny/writable paths and network controls.

ℹ Install Mechanism

The skill bundle itself has no install spec in the registry, but SKILL.md instructs users to run `go install github.com/rendis/opcode/cmd/opcode@latest` and the install sequence downloads a helper (mermaid-ascii) into ~/.opcode/bin. Fetching from a GitHub repo via `go install` is traceable and common, but because the repository source is 'unknown' in the registry header and no install metadata was declared, users installing this will pull and build remote code at runtime — review the repository before running the install.

⚠ Credentials

Registry metadata listed no required environment variables, but SKILL.md declares OPCODE_VAULT_KEY as primary-env and documents many optional env overrides (OPCODE_DB_PATH, OPCODE_LISTEN_ADDR, OPCODE_PANEL, etc.). The vault key is described as 'root-equivalent' for stored secrets and is used to derive AES-256 keys — granting this to the daemon is high privilege and must be justified and protected. The mismatch between declared and actual env requirements is concerning.

ℹ Persistence & Privilege

The skill runs a persistent SSE daemon, creates files under ~/.opcode, a pidfile, and an embedded DB; it does not set always:true in registry (so it's not force-included), which is appropriate. Still, a long-running local process with ability to execute shell commands, read/write files, and make HTTP requests has a significant ongoing attack surface — run under a restricted user, constrain filesystem and network controls, and avoid exposing the panel to untrusted networks.

Version History

v1.2.2

- Reworded description and introduction for clarity, emphasizing zero-token execution and persistence. - Mentioned support for 26 built-in actions (was 25). - Highlighted the advantage of defining workflows once and running them for free with deterministic results. - No structural or functional changes to tools or API.

v1.2.1

**Opcode 1.2.1 Changelog** - Added `references/operations.md` for expanded reference documentation. - Documentation updates: clarified compatibility, prerequisites, and SSE daemon details. - Updated built-in actions count (now 25). - Added section links and references to external documentation for advanced configuration, security, and more. - Metadata and schema improvements in SKILL.md for clarity and tooling compatibility.

v1.2.0

**Major update: Transitions opcode from stdio/JSON-RPC to a persistent SSE daemon with expanded orchestration and management tools.** - Runs as an SSE (Server-Sent Events) daemon, not via stdio; supports many agents over HTTP, 1 shared database, 1 server. - Adds a built-in web panel for visual workflow monitoring and multi-agent management. - Expands from 5 to 6 MCP tools, introducing the opcode.diagram tool for workflow DAG visualization. - Changes communication protocol from MCP over stdio to MCP over SSE/HTTP. - Updates installation, configuration, and security instructions to reflect SSE daemon mode (installs to ~/.opcode/, uses persistent config, supports SIGHUP hot-reload). - Improved startup, agent registration, and recovery behavior—workflows/cron jobs survive restarts; interrupted workflows are recoverable by agents. - Multiple deployment, environment, and management enhancements, plus support for live configuration updates via SIGHUP.

v1.0.2

- Added a "Security Model" section detailing resource controls for filesystem, shell, and HTTP actions, along with recommended production security practices. - Documented new metadata fields: `user-invocable` (true) and `repository` URL. - No core functionality changes; documentation enhancements only.

v1.0.1

Version 1.0.1 - Added Openclaw metadata, including install instructions, supported OS, required environment variables, and dependencies. - Clarified environment variable usage for `OPCODE_VAULT_KEY` with improved security recommendations in client config examples. - No changes to functionality or code; documentation updates only.

v1.0.0

Initial release of opcode: an agent-first workflow orchestration engine with MCP stdio integration. - Exposes 5 MCP tools for defining, executing, monitoring, signaling, and querying workflows. - Supports DAG-based workflows with 6 step types, including human-in-the-loop reasoning and parallelism. - Includes 24+ built-in actions, templated variable interpolation (`${{ }}`), and secret vault integration. - Runs as a stdio MCP server (JSON-RPC), launched as a subprocess by any MCP-compatible client. - Provides robust workflow control with signals, status queries, history, and cron-based scheduling. - Requires Go 1.25+, CGO, and a C compiler; uses embedded libSQL for persistence.

Metadata

Slug opcode

Version 1.2.2

License —

All-time Installs 0

Active Installs 0

Total Versions 6

Frequently Asked Questions

What is Opcode?

Zero-token execution layer for AI agents. Define workflows once, run them free forever — persistent, scheduled, deterministic. 6 MCP tools over SSE. Supports DAG-based execution, 6 step types (action, condition, loop, parallel, wait, reasoning), 26 built-in actions, ${{}} interpolation, reasoning nodes for human-in-the-loop decisions, and secret vault. Use when defining workflows, running templates, checking status, sending signals, querying workflow history, or visualizing DAGs. It is an AI Agent Skill for Claude Code / OpenClaw, with 1363 downloads so far.

How do I install Opcode?

Run "/install opcode" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Opcode free?

Yes, Opcode is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Opcode support?

Opcode is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Opcode?

It is built and maintained by rendis (@rendis); the current version is v1.2.2.

More Skills

What is Opcode?

How do I install Opcode?

Is Opcode free?

Which platforms does Opcode support?

Who created Opcode?

💬 Comments