← 返回 Skills 市场
1363
总下载
0
收藏
0
当前安装
6
版本数
在 OpenClaw 中安装
/install opcode
功能描述
Zero-token execution layer for AI agents. Define workflows once, run them free forever — persistent, scheduled, deterministic. 6 MCP tools over SSE. Supports DAG-based execution, 6 step types (action, condition, loop, parallel, wait, reasoning), 26 built-in actions, ${{}} interpolation, reasoning nodes for human-in-the-loop decisions, and secret vault. Use when defining workflows, running templates, checking status, sending signals, querying workflow history, or visualizing DAGs.
安全使用建议
This package implements a full local workflow runtime that can execute shell commands, read/write files, and access the network — that's expected for its purpose but also high-risk if installed blindly. Key points before installing: (1) Registry metadata and the SKILL.md disagree — SKILL.md requires Go/toolchain and the OPCODE_VAULT_KEY secret (which the docs call 'root-equivalent'), so do not trust the registry's 'no env vars' claim. (2) The install instructions run `go install` to fetch/build code from GitHub and the runtime downloads a helper binary into ~/.opcode — inspect the GitHub repository and release history before running that command. (3) Default configuration is permissive (no deny-lists, open network egress); if you proceed, run the daemon under a dedicated low-privilege user, set DenyPaths/WritablePaths, restrict outbound network (proxy/firewall), enable the least-privilege settings, and do not put OPCODE_VAULT_KEY into settings.json. (4) If you cannot audit the upstream repo or do not want a persistent local daemon with a secrets vault, consider running in an isolated VM/container or avoid installing. Additional information that would increase confidence: a verified homepage/repository owner, a release tag/commit to inspect, and registry metadata that matches SKILL.md requirements.
功能分析
Type: OpenClaw Skill
Name: opcode
Version: 1.2.2
The OpenClaw AgentSkills bundle for 'opcode' is classified as suspicious due to its inherent high-risk capabilities, which, while intended for an automation engine, create significant attack surface. The `shell.exec` action (documented in SKILL.md and references/actions.md) allows arbitrary command execution, effectively providing Remote Code Execution (RCE) primitive. Similarly, `fs.*` actions grant broad filesystem access, and `http.*` actions enable arbitrary network requests. The documentation (references/operations.md) explicitly states that the default security model is permissive for filesystem and network access, meaning these powerful capabilities are enabled by default without explicit hardening. While there is no evidence of intentional malice in the provided files (e.g., no prompt injection against the agent, no direct exfiltration commands), the combination of these features makes the skill a critical vulnerability vector if workflows are not carefully designed or if they process untrusted input.
能力评估
Purpose & Capability
The SKILL.md implements a full local workflow runtime (daemon, SSE, secret vault, filesystem and shell actions, HTTP requests) which is coherent with the 'execution layer for AI agents' description. However the registry metadata at the top of the package lists no required env vars, binaries, or install steps while SKILL.md metadata explicitly requires Go 1.25+, CGO_ENABLED=1, gcc/clang and names OPCODE_VAULT_KEY as the primary env — a clear inconsistency between declared requirements and the runtime instructions.
Instruction Scope
The runtime instructions direct the user to install and run a persistent local daemon that listens on TCP (default :4100), writes ~/.opcode (DB, settings, pidfile), downloads an auxiliary tool, and exposes MCP over SSE and an optional web panel. The workflow actions include fs.read/fs.write, shell.exec (arbitrary commands), and http.request. These capabilities are expected for a workflow engine, but they give broad access to files, processes, and network egress; defaults are permissive unless you explicitly configure deny/writable paths and network controls.
Install Mechanism
The skill bundle itself has no install spec in the registry, but SKILL.md instructs users to run `go install github.com/rendis/opcode/cmd/opcode@latest` and the install sequence downloads a helper (mermaid-ascii) into ~/.opcode/bin. Fetching from a GitHub repo via `go install` is traceable and common, but because the repository source is 'unknown' in the registry header and no install metadata was declared, users installing this will pull and build remote code at runtime — review the repository before running the install.
Credentials
Registry metadata listed no required environment variables, but SKILL.md declares OPCODE_VAULT_KEY as primary-env and documents many optional env overrides (OPCODE_DB_PATH, OPCODE_LISTEN_ADDR, OPCODE_PANEL, etc.). The vault key is described as 'root-equivalent' for stored secrets and is used to derive AES-256 keys — granting this to the daemon is high privilege and must be justified and protected. The mismatch between declared and actual env requirements is concerning.
Persistence & Privilege
The skill runs a persistent SSE daemon, creates files under ~/.opcode, a pidfile, and an embedded DB; it does not set always:true in registry (so it's not force-included), which is appropriate. Still, a long-running local process with ability to execute shell commands, read/write files, and make HTTP requests has a significant ongoing attack surface — run under a restricted user, constrain filesystem and network controls, and avoid exposing the panel to untrusted networks.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install opcode - 安装完成后,直接呼叫该 Skill 的名称或使用
/opcode触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.2
- Reworded description and introduction for clarity, emphasizing zero-token execution and persistence.
- Mentioned support for 26 built-in actions (was 25).
- Highlighted the advantage of defining workflows once and running them for free with deterministic results.
- No structural or functional changes to tools or API.
v1.2.1
**Opcode 1.2.1 Changelog**
- Added `references/operations.md` for expanded reference documentation.
- Documentation updates: clarified compatibility, prerequisites, and SSE daemon details.
- Updated built-in actions count (now 25).
- Added section links and references to external documentation for advanced configuration, security, and more.
- Metadata and schema improvements in SKILL.md for clarity and tooling compatibility.
v1.2.0
**Major update: Transitions opcode from stdio/JSON-RPC to a persistent SSE daemon with expanded orchestration and management tools.**
- Runs as an SSE (Server-Sent Events) daemon, not via stdio; supports many agents over HTTP, 1 shared database, 1 server.
- Adds a built-in web panel for visual workflow monitoring and multi-agent management.
- Expands from 5 to 6 MCP tools, introducing the opcode.diagram tool for workflow DAG visualization.
- Changes communication protocol from MCP over stdio to MCP over SSE/HTTP.
- Updates installation, configuration, and security instructions to reflect SSE daemon mode (installs to ~/.opcode/, uses persistent config, supports SIGHUP hot-reload).
- Improved startup, agent registration, and recovery behavior—workflows/cron jobs survive restarts; interrupted workflows are recoverable by agents.
- Multiple deployment, environment, and management enhancements, plus support for live configuration updates via SIGHUP.
v1.0.2
- Added a "Security Model" section detailing resource controls for filesystem, shell, and HTTP actions, along with recommended production security practices.
- Documented new metadata fields: `user-invocable` (true) and `repository` URL.
- No core functionality changes; documentation enhancements only.
v1.0.1
Version 1.0.1
- Added Openclaw metadata, including install instructions, supported OS, required environment variables, and dependencies.
- Clarified environment variable usage for `OPCODE_VAULT_KEY` with improved security recommendations in client config examples.
- No changes to functionality or code; documentation updates only.
v1.0.0
Initial release of opcode: an agent-first workflow orchestration engine with MCP stdio integration.
- Exposes 5 MCP tools for defining, executing, monitoring, signaling, and querying workflows.
- Supports DAG-based workflows with 6 step types, including human-in-the-loop reasoning and parallelism.
- Includes 24+ built-in actions, templated variable interpolation (`${{ }}`), and secret vault integration.
- Runs as a stdio MCP server (JSON-RPC), launched as a subprocess by any MCP-compatible client.
- Provides robust workflow control with signals, status queries, history, and cron-based scheduling.
- Requires Go 1.25+, CGO, and a C compiler; uses embedded libSQL for persistence.
元数据
常见问题
Opcode 是什么?
Zero-token execution layer for AI agents. Define workflows once, run them free forever — persistent, scheduled, deterministic. 6 MCP tools over SSE. Supports DAG-based execution, 6 step types (action, condition, loop, parallel, wait, reasoning), 26 built-in actions, ${{}} interpolation, reasoning nodes for human-in-the-loop decisions, and secret vault. Use when defining workflows, running templates, checking status, sending signals, querying workflow history, or visualizing DAGs. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1363 次。
如何安装 Opcode?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install opcode」即可一键安装,无需额外配置。
Opcode 是免费的吗?
是的,Opcode 完全免费(开源免费),可自由下载、安装和使用。
Opcode 支持哪些平台?
Opcode 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Opcode?
由 rendis(@rendis)开发并维护,当前版本 v1.2.2。
推荐 Skills