OpenCode Remote

通过 HTTP API 远程操作 OpenCode 服务器。用于管理远程 OpenCode 实例的会话、监控状态和执行任务。 核心功能： 1. 管理多个"主session"（每个有独立的四词短名、endpoint、任务） 2. 向 session 发送消息（默认不指定agent，延续之前使用） 3. 自动监控：发...

This skill appears to implement what it claims (remote OpenCode session management) but has surprising behaviors you should consider before using it: - File path mismatch: SKILL.md says to record sessions to 'opencode-sessions.md' but the provided main_session_manager.py writes JSON to /root/.openclaw/workspace/opencode-sessions.json. That will fail unless run as root or the directory exists; change the path to a safe, user-writable location if you plan to run it. - Persistent monitoring: The skill instructs creating cron jobs and includes a long-running monitor script. If you enable this, the agent (or your machine) will poll the remote server every 5 minutes and store/report session data. Confirm you want that continuous network activity and what data will be reported. - Default proxy: monitor_session.py uses a default SOCKS5 proxy (socks5://127.0.0.1:1080) that is not documented in SKILL.md. If you don't intend to route traffic through a local proxy, remove or override this default; otherwise traffic will attempt to use that proxy which may silently fail or leak to unintended routes if you have one configured. - Remote shell and file APIs: The referenced API exposes endpoints for executing shell commands, reading files, PTY creation, etc. Those are powerful and can read or modify remote host files — ensure you trust the OpenCode server and that you intend to use those capabilities. Recommendations before installing or running: 1. Inspect and (preferably) modify the code: change the session storage path to a non-root location, remove or make explicit the default SOCKS proxy, and verify cron commands are appropriate for your environment. 2. Run scripts in an isolated environment (container or non-privileged account) to avoid accidental writes to /root or persistent daemons running under your account. 3. Decide explicitly whether you want periodic monitoring; if not, do not add the cron job and run monitoring only when asked. 4. Review the server endpoints you will query (esp. shell/file endpoints) to avoid unintended remote commands or data exposure. 5. If anything is unclear, ask the skill author to justify the /root path and the proxy default and to provide an option to store state in the current working directory. Because of the mismatches and persistence instructions, treat this skill as 'suspicious' until you confirm or remediate the noted issues.

Type: OpenClaw Skill Name: opencode-remote Version: 1.0.0 The skill bundle is designed for remote management of OpenCode servers via an HTTP API. It includes Python scripts (opencode_client.py, monitor_session.py) for interacting with the API and managing session states locally. The instructions in SKILL.md emphasize transparency by requiring the agent to repeat all sent prompts to the user and use automated monitoring (via a cron-like mechanism) to track task progress. While the API supports powerful features like remote shell execution and PTY access, these are consistent with the stated purpose of managing a remote development environment, and there is no evidence of local data exfiltration, unauthorized persistence, or malicious intent.