| name | opencode-audit |
| description | Audit OpenCode configuration quality, safety, and operability with a 100-point rubric and concrete remediations. |
OpenCode Audit Skill
What this skill does
This skill runs a practical OpenCode audit and outputs:
- a 100-point score with grade
- category-by-category findings
- concrete, ready-to-use commands and config snippets
- a short remediation plan
When to use
Use this skill when the user asks to:
- audit OpenCode setup quality
- improve OpenCode safety and permissions
- review agents, commands, skills, MCP, or plugins
- prepare a hardening checklist before team rollout
Required inputs
- Target repo or config path
- Optional focus area (permissions, agents, skills, runtime checks)
Audit workflow
- Load
references/OPENCODE-AUDIT.md.
- Discover project and global OpenCode files.
- Score all 8 rubric categories.
- Build prioritized findings with evidence paths.
- Produce copy-paste remediation snippets.
- Return total score, grade, and 7-day plan.
Discovery checklist
AGENTS.md, .opencode/AGENTS.md, ~/.config/opencode/AGENTS.md.opencode/config.json, .opencode/opencode.json, .opencode/opencode.jsonc~/.config/opencode/config.json, ~/.config/opencode/opencode.json, ~/.config/opencode/opencode.jsonc.opencode/agents/*.md, ~/.config/opencode/agents/*.md.opencode/commands/*.md, ~/.config/opencode/commands/*.md.opencode/skills/*/SKILL.md, ~/.config/opencode/skills/*/SKILL.md.claude/skills/*/SKILL.md, ~/.claude/skills/*/SKILL.md when present- MCP and plugin sections in config
Output contract
Return in this order:
- Total score and grade.
- Category scores.
- Top findings with severity.
- Ready-to-use fixes.
- 7-day action plan.
Guardrails
- Stay OpenCode-specific; do not use non-OpenCode terminology unless compatibility paths are relevant.
- Do not invent files; only cite discovered paths.
- Keep fixes actionable and minimal.
- Prefer least-privilege recommendations for permissions.
