← 返回 Skills 市场
jlin53882

OpenCode HTTP API

作者 jlin53882 · GitHub ↗ · v2.2.0 · MIT-0
cross-platform ⚠ suspicious
164
总下载
0
收藏
0
当前安装
6
版本数
在 OpenClaw 中安装
/install opencode-api
功能描述
透過 HTTP API 呼叫 OpenCode Server 進行 code review、程式碼分析與編碼任務。 涵蓋:Agents(4種模式+自訂代理)、Custom Tools(TypeScript)、Formatters(ruff/biome)、 Skills(載入技能)、SDK(完整 API,含結構化輸...
安全使用建议
This skill is a reasonably coherent SDK for talking to an OpenCode server, but it explicitly expects to read project files, inject project context into sessions, and (via plugins/hooks) can set shell env vars and automatically add prompts. Before installing: - Inspect the included scripts (scripts/opencode_*.py) to confirm they do only what you expect. - Do not point the skill at remote provider endpoints or set API keys unless you trust the remote service; avoid entering secrets into prompts. - Avoid using auto_start or auto-injecting hooks until you audit them; run the client in an isolated environment or VM first. - Restrict OpenCode permissions (bash/read/edit) and deny webfetch/websearch if you want to limit outbound data flow. - If you will use it with private repos, ensure sessions are not auto-shared and revoke any share URLs after use. If you want a lower-risk test: run the client against a local, isolated OpenCode instance with no external providers and no saved creds, and verify behavior before enabling it for real projects.
功能分析
Type: OpenClaw Skill Name: opencode-api Version: 2.2.0 The skill bundle provides a comprehensive Python SDK and CLI wrappers to interface with an 'OpenCode' server for automated code review and analysis. It possesses high-risk capabilities, including arbitrary shell execution (via the 'bash' tool), broad file system access (read/write/edit), and a session-sharing feature that uploads data to an external domain (opncd.ai). While these features are plausibly needed for the stated purpose of a coding assistant and the documentation includes security-conscious configurations (such as a permission system that defaults to denying access to .env files in references/permissions.md), the presence of these risky capabilities without clear malicious intent necessitates a suspicious classification according to the provided criteria. Specific files involved include opencode_client.py, opencode_task.py, and opencode_review.py.
能力标签
requires-oauth-token
能力评估
Purpose & Capability
Name/description (OpenCode HTTP API for code review / agents / SDK / formatters) align with the included materials: SKILL.md, Python client scripts, and many reference docs describing the OpenCode HTTP API, sessions, agents and providers. The provided scripts and references are consistent with a client/SDK for a local OpenCode server and code-review workflows.
Instruction Scope
Runtime instructions explicitly tell the agent to import local scripts (sys.path.insert into C:/Users/admin/.openclaw/workspace/skills/opencode-api/scripts), to include precise local project paths and environment details in prompts, and to run tests via a project's .venv. Reference plugin examples include session-created hooks that automatically inject project context into sessions and shell hooks that set env vars. Those behaviors legitimately support code review, but they also instruct reading local filesystem context and automatically adding it to requests—this broad file/context access is significant and could leak secrets or sensitive code if misused or if a remote provider is configured.
Install Mechanism
No install spec — instruction-only with included Python scripts and many doc files. Nothing is downloaded from arbitrary URLs and there is no package-install step in the skill manifest. The presence of scripts means code will be present on disk when the skill is installed; that is expected for an SDK-style skill, but you should inspect those scripts before running.
Credentials
The skill does not declare required environment variables or credentials, which is plausible for a local HTTP API client. However the docs reference many optional environment variables and provider/API-key patterns (OPENCODE_SERVER_PASSWORD, MINIMAX_API_KEY, {env:MY_API_KEY}, remote MCP URLs). The ability to configure remote providers and pass API keys is necessary for cross-server model providers, but it means the skill can be pointed at remote endpoints that may receive project content—confirm any provider/API keys and endpoints before use.
Persistence & Privilege
always:false (no forced global inclusion). The skill includes examples of plugin hooks that run on session events (e.g., 'session.created' injecting context, 'shell.env' setting env vars) and notes that OpenCode can run bun install for plugins—these are normal plugin capabilities but give the skill potential to modify session behavior and auto-inject data. Autonomous invocation is allowed by default (platform default) and combined with hooks could broaden impact; however there is no explicit always:true or other privileged flag in the manifest.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install opencode-api
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /opencode-api 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.2.0
新增 code-review-prompt.md(11 面向審查框架);更新 opencode_review.py(完整 prompt + Minecraft-Translate 語境)
v2.1.0
全面重構:新增 sdk.md、agents.md、plugins.md、server.md;更新 api-reference、case-studies、models;精簡 SKILL.md 至 8KB;references/ 目錄化索引
v2.0.0
Fix: send_message() model parameter must be object {name,providerID,modelID,reasoningEffort} not string. Fixes HTTP 400 error.
v1.0.2
完整重建:opencode_client.py + opencode_review.py + opencode_task.py;同步全部 workspace
v1.0.1
重建並同步至全部 workspace
v1.0.0
opencode-api v1.0.0 - Initial release of the skill for integrating with OpenCode Server via HTTP API. - Enables OpenClaw agents to automate code review and coding tasks. - Supports flexible usage via Python scripts or direct module import. - Provides multi-model and reasoning depth selection. - Includes built-in error handling and auto-start of OpenCode Server. - Comprehensive documentation and integration examples included.
元数据
Slug opencode-api
版本 2.2.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 6
常见问题

OpenCode HTTP API 是什么?

透過 HTTP API 呼叫 OpenCode Server 進行 code review、程式碼分析與編碼任務。 涵蓋:Agents(4種模式+自訂代理)、Custom Tools(TypeScript)、Formatters(ruff/biome)、 Skills(載入技能)、SDK(完整 API,含結構化輸... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 164 次。

如何安装 OpenCode HTTP API?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install opencode-api」即可一键安装,无需额外配置。

OpenCode HTTP API 是免费的吗?

是的,OpenCode HTTP API 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

OpenCode HTTP API 支持哪些平台?

OpenCode HTTP API 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 OpenCode HTTP API?

由 jlin53882(@jlin53882)开发并维护,当前版本 v2.2.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论