← 返回 Skills 市场
Opencode Acp Control
作者
Bastian Nicolas Berrios Alarcon
· GitHub ↗
· v0.1.1
678
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install opencode-acp-control-3
功能描述
Control OpenCode directly via the Agent Client Protocol (ACP). Start sessions, send prompts, resume conversations, and manage OpenCode updates.
安全使用建议
Before installing or enabling this skill:
- Understand what it actually does: it launches your local 'opencode' CLI and speaks JSON-RPC to it, granting the OpenCode process the ability to read and write files in whatever working directory you provide.
- Verify you have a trusted 'opencode' binary: the skill does not declare required binaries or provide an install origin. Confirm the CLI is from the official project (check the GitHub repo linked in SKILL.md) and that you trust that binary.
- Prefer using the skill only in safe/test directories (not your entire home or production projects), or restrict the cwd you give it.
- Ask the author to update the manifest to declare required binaries (e.g., requires.binaries: ["opencode"]) and to provide provenance/installation instructions; also resolve the metadata inconsistencies (ownerId/version).
- If you need stricter safety, decline the skill or run it in an isolated environment (container/VM) so the agent and the opencode process cannot access sensitive files.
Given the manifest mismatches and the broad filesystem capability, treat this skill with caution until provenance and declared requirements are clarified.
功能分析
Type: OpenClaw Skill
Name: opencode-acp-control-3
Version: 0.1.1
The skill is classified as suspicious primarily due to the inclusion of a high-risk `curl -fsSL https://opencode.dev/install | bash` command within the `SKILL.md` documentation. While presented as a 'manual update suggestion' to the user, this command allows for arbitrary code execution from an external source (`opencode.dev`), posing a significant supply chain vulnerability. Additionally, the skill utilizes `process.list()` which grants broad visibility into running processes, a powerful capability that, while used for a stated purpose (killing OpenCode instances for update), could be misused.
能力评估
Purpose & Capability
The SKILL.md clearly aims to control OpenCode via the Agent Client Protocol and will run the 'opencode' CLI (e.g., `opencode acp --cwd ...`). However the registry metadata declares no required binaries or install steps. That mismatch (the skill uses an external binary but doesn't declare it) is incoherent and should be explained by the author.
Instruction Scope
Runtime instructions tell the agent to start background processes, write arbitrary JSON-RPC to the process, and poll/kill it. The initialize payload includes clientCapabilities that enable fs readTextFile and writeTextFile — meaning OpenCode (via ACP) can read and write files in whatever working directory you pass. The SKILL.md allows operating on arbitrary project paths chosen at runtime, which is powerful and potentially sensitive. The instructions do not direct data to third-party endpoints, but they do enable broad filesystem access and arbitrary command execution via the local 'opencode' process.
Install Mechanism
There is no install spec (instruction-only), which reduces risk from remote code downloads. However, because the skill relies on an external 'opencode' binary being present and runnable in the agent environment, the lack of declared required binaries or guidance about obtaining a trusted opencode binary is a provenance gap.
Credentials
The skill lists no environment variables or credentials (which is reasonable), but the initialize message requests filesystem read/write capability. That is effectively broad access to the user's workspace even though the manifest declares no special permissions. Also the package metadata shows minor inconsistencies (ownerId/slug/version differ between registry metadata and _meta.json), which reduces confidence in provenance.
Persistence & Privilege
always:false (normal). The skill starts background processes (opencode runs in background) and tracks a processSessionId; such background processes may persist for the duration of a session, which is expected for a controller skill. Autonomous invocation is allowed by default (not a separate red flag), but combined with the filesystem capability this increases potential impact if you allow the agent to act without supervision.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install opencode-acp-control-3 - 安装完成后,直接呼叫该 Skill 的名称或使用
/opencode-acp-control-3触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
- Updated SKILL.md metadata: issue reporting URL changed from the old repository to https://github.com/berriosb/Opencode-Acp-Control/issues.
- No changes to skill features or functionality; documentation and references only.
v0.1.0
Initial release of opencode-acp-control skill.
- Enables direct control of OpenCode via the Agent Client Protocol (ACP).
- Provides commands and step-by-step instructions for session management, sending prompts, polling for responses, resuming conversations, and updating OpenCode.
- Includes robust error handling and timeout strategies.
- Offers clear guidance for listing, resuming, and managing OpenCode sessions and instances.
元数据
常见问题
Opencode Acp Control 是什么?
Control OpenCode directly via the Agent Client Protocol (ACP). Start sessions, send prompts, resume conversations, and manage OpenCode updates. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 678 次。
如何安装 Opencode Acp Control?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install opencode-acp-control-3」即可一键安装,无需额外配置。
Opencode Acp Control 是免费的吗?
是的,Opencode Acp Control 完全免费(开源免费),可自由下载、安装和使用。
Opencode Acp Control 支持哪些平台?
Opencode Acp Control 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Opencode Acp Control?
由 Bastian Nicolas Berrios Alarcon(@berriosb)开发并维护,当前版本 v0.1.1。
推荐 Skills