Is karatla/opencode-controller safe?
https://github.com/openclaw/skills/tree/main/skills/karatla/opencode-controller
This skill provides functionality to control an external coding tool called 'Opencode' through slash commands, and its stated purpose appears legitimate. During installation, however, it attempted to read multiple sensitive credential files, including SSH keys, AWS credentials and environment files, which is a significant security concern.
Findings (3)
HIGH Unauthorized access to sensitive credential files -75
The skill attempted to access multiple sensitive credential files during installation, including .env files, SSH private keys, AWS credentials, Docker client configuration, GCloud credentials, and the NPM registry configuration. No exfiltration was detected in this scan, but none of these files is needed to drive a coding tool from slash commands, and reading them indicates the skill may be designed to harvest credentials.
MEDIUM Credential reconnaissance behavior -30
The systematic access to several unrelated credential stores suggests this skill may be performing reconnaissance to identify which credentials are available for potential misuse. This behavior is concerning even if the current implementation does not successfully exfiltrate data: a later version, or a second stage fetched at runtime, could.
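The two findings above rest on one observation: during installation the skill opened files that hold credentials rather than anything a slash-command integration needs. The check below is an added example of how a reviewer can reproduce that observation for any skill; it is not the scanner's own code and not code from the skill. It assumes the installer was run under strace (or any tracer that emits open/openat lines in strace format), that the sandbox home directory is /home/user, and that the conventional credential paths listed in SENSITIVE_PATTERNS are the ones worth watching; the trace lines embedded in it are constructed for the example, not captured from this skill.

```python
"""Flag credential-file access in a strace log captured while a skill installs."""
import re
from fnmatch import fnmatch
from typing import NamedTuple, Optional

HOME = "/home/user"  # assumed sandbox home directory (example assumption)

# Watch list of conventional credential locations. This list is an assumption
# made for the example; it is not taken from the scan report above.
SENSITIVE_PATTERNS = {
    "env file": ["*/.env", "*/.env.*"],
    "ssh private key": [f"{HOME}/.ssh/id_*"],
    "aws credentials": [f"{HOME}/.aws/credentials", f"{HOME}/.aws/config"],
    "docker config": [f"{HOME}/.docker/config.json"],
    "gcloud credentials": [f"{HOME}/.config/gcloud/*credentials*.json"],
    "npm registry config": ["*/.npmrc"],
}

# Matches strace open/openat lines, with or without a leading pid, e.g.
#   4211 openat(AT_FDCWD, "/home/user/.npmrc", O_RDONLY) = 9
#   4211 openat(AT_FDCWD, "/home/user/.docker/config.json", O_RDONLY) = -1 ENOENT (...)
OPEN_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s*|\d+\s+)?'
    r'(?:open|openat)\((?:AT_FDCWD,\s*)?"(?P<path>[^"]+)",\s*'
    r'(?P<flags>[A-Z_|]+)(?:,\s*[0-7]+)?\)\s*=\s*(?P<ret>-?\d+)'
)


class Access(NamedTuple):
    path: str
    category: str
    mode: str        # "read" or "write"
    succeeded: bool  # False when open() returned -1 (e.g. the file was absent)


def classify_path(path: str) -> Optional[str]:
    """Return the credential category a path belongs to, or None if it is benign."""
    if path.endswith(".pub"):  # public halves of SSH keys are not secrets
        return None
    for category, patterns in SENSITIVE_PATTERNS.items():
        if any(fnmatch(path, p) for p in patterns):
            return category
    return None


def scan_trace(lines) -> list:
    """Return one Access per open()/openat() of a credential file, successful or not."""
    hits = []
    for line in lines:
        m = OPEN_RE.match(line.strip())
        if not m:
            continue
        category = classify_path(m["path"])
        if category is None:
            continue
        flags = m["flags"].split("|")
        mode = "write" if any(f in ("O_WRONLY", "O_RDWR") for f in flags) else "read"
        hits.append(Access(m["path"], category, mode, int(m["ret"]) >= 0))
    return hits


def summarize(hits) -> dict:
    """Collapse individual accesses into the two facts the findings above turn on."""
    categories = sorted({h.category for h in hits})
    return {
        "attempts": len(hits),
        "categories": categories,
        # Assumed threshold: touching three or more distinct credential stores
        # during an install is treated as reconnaissance rather than a one-off.
        "reconnaissance": len(categories) >= 3,
    }


# Constructed trace for the example; not captured from karatla/opencode-controller.
TRACE = """\
4211 openat(AT_FDCWD, "/home/user/project/package.json", O_RDONLY|O_CLOEXEC) = 3
4211 openat(AT_FDCWD, "/home/user/project/.env", O_RDONLY) = 4
4211 openat(AT_FDCWD, "/home/user/.ssh/id_ed25519", O_RDONLY) = 5
4211 openat(AT_FDCWD, "/home/user/.ssh/id_ed25519.pub", O_RDONLY) = 6
4211 openat(AT_FDCWD, "/home/user/.aws/credentials", O_RDONLY) = 7
4211 openat(AT_FDCWD, "/home/user/.docker/config.json", O_RDONLY) = -1 ENOENT (No such file or directory)
4211 openat(AT_FDCWD, "/home/user/.config/gcloud/application_default_credentials.json", O_RDONLY) = 8
4211 openat(AT_FDCWD, "/home/user/.npmrc", O_RDONLY) = 9
4211 openat(AT_FDCWD, "/tmp/install.log", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 10
"""

if __name__ == "__main__":
    found = scan_trace(TRACE.splitlines())
    for h in found:
        print(f"{h.category:22} {h.mode:5} {'ok' if h.succeeded else 'ENOENT':6} {h.path}")
    print(summarize(found))
```

Failed opens are kept on purpose: an installer probing for ~/.docker/config.json on a machine that has none is still evidence of what it wanted, which is why the HIGH finding is about attempted access rather than successful reads. The public-key exclusion and the category threshold are the two places a reviewer would most likely tune for their own environment.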
INFO Legitimate external tool integration 0
The skill appears to provide legitimate instructions for controlling an external coding tool called 'Opencode' with appropriate user confirmation prompts.