Low Risk — Risk Score 15/100
Last scan: 1 day ago
occ
Control OpenCode to execute development tasks via CLI
This is a legitimate OpenCode CLI controller that manages development sessions with standard tooling patterns. No malicious behavior detected.
Skill Name: occ
Duration: 38.0s
Engine: pi
Safe to install
This skill is safe to use. Consider pinning axios to a specific version in package.json for improved supply chain hygiene.

Findings (2 items)

Low · Doc Mismatch · Shell execution not declared in SKILL.md
Location: scripts/bin/opencode-server.js:29
The skill calls exec('npm install') and spawn('opencode'), but SKILL.md only mentions 'node skills/occ/scripts/bin/opencode-server.js' and declares no shell:WRITE capability.
Evidence: const npmInstall = exec('npm install', { cwd: scriptDir });
→ Declare the shell:WRITE capability in SKILL.md and document that the skill runs npm install (and therefore writes node_modules) when it starts.

Low · Supply Chain · Dependency version not pinned
Location: scripts/package.json:13
axios is declared with the caret range ^1.6.0, which lets npm install any 1.x release at or above 1.6.0, so minor and patch updates are picked up automatically at install time.
Evidence: "axios": "^1.6.0"
→ Pin to an exact version: "axios": "1.6.0". An exact pin in package.json fixes only the direct dependency; the file tree contains no package-lock.json, so the dependencies of axios itself are still resolved fresh on every install. Committing a lockfile and installing with npm ci pins the full tree.
Resource      Declared  Inferred  Status     Evidence
Filesystem    READ      WRITE     ✓ Aligned  npm install writes node_modules
Network       NONE      READ      ✓ Aligned  HTTP requests to localhost:4096-4200
Shell         NONE      WRITE     ✓ Aligned  spawn('opencode') and exec('npm install')
Environment   NONE      READ      ✓ Aligned  Standard PATH lookup for the 'opencode' binary

Note that in every row the inferred scope is broader than the declared one. The Shell row is the gap reported in Finding 1, and the same SKILL.md update should also state the Filesystem WRITE (node_modules) and Network READ (localhost HTTP) behavior.

File Tree

8 files · 14.8 KB · 574 lines
JavaScript: 6 files, 497 lines · Markdown: 1 file, 58 lines · JSON: 1 file, 19 lines
├─ 📁 scripts
│ ├─ 📁 bin
│ │ └─ 📜 opencode-server.js JavaScript 123L · 3.2 KB
│ ├─ 📁 src
│ │ ├─ 📁 services
│ │ │ ├─ 📜 message.js JavaScript 174L · 4.7 KB
│ │ │ └─ 📜 session.js JavaScript 47L · 1.2 KB
│ │ ├─ 📁 utils
│ │ │ ├─ 📜 http.js JavaScript 43L · 991 B
│ │ │ └─ 📜 server.js JavaScript 102L · 2.5 KB
│ │ └─ 📜 index.js JavaScript 8L · 245 B
│ └─ 📋 package.json JSON 19L · 485 B
└─ 📝 SKILL.md Markdown 58L · 1.6 KB

Dependencies (1 item)

Package  Version  Source  Known Vulns  Notes
axios    ^1.6.0   npm     No           Version range allows updates

Security Positives

✓ All network communication is localhost-only (127.0.0.1)
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No credential harvesting or exfiltration behavior
✓ No obfuscation or base64-encoded payloads
✓ No external IP connections or C2 indicators
✓ Port scanning is documented in SKILL.md
✓ Session management is scoped to local development workflow