OpenCode Config Audit

Description

Comprehensive configuration audit skill for OpenCode desktop application. Detects configuration errors, security issues, duplicate files, and optimization opportunities across OpenCode's global configuration directory.

Self-Check Capable: This skill can audit itself and other installed skills.

Triggers

"检查 OpenCode 配置"
"审计 OpenCode"
"OpenCode 配置问题"
"scan OpenCode configuration"
"audit OpenCode"
"检查 Skills 状态"
"Skills 自检"

Capabilities

1. Configuration Validation

Validate opencode.jsonc schema compliance
Check for syntax errors in provider configurations
Verify disabled_providers settings
Detect duplicate or conflicting provider definitions

2. Security Auditing

Detect hardcoded API keys in config files
Verify .env file exists and is protected
Check .gitignore includes sensitive files (.env, .env.*)
Detect exposed credentials in configuration

3. File Management

Detect duplicate node_modules directories
Identify redundant bun.lock files
Find orphaned cache directories
Calculate storage usage by component

4. Provider Health Check

Verify at least one provider is enabled
Check environment variables are configured
Validate model references exist
Ensure no invalid provider names in disabled list

5. Plugin Integrity Check

Verify @opencode-ai/plugin exists in node_modules
Check oh-my-opencode plugin configuration
Validate plugin version compatibility
Check required plugin directories exist

6. Environment Variable Validation

Verify VOLCANO_API_KEY is set in environment
Check API key format validity (non-empty)
Validate required env vars for configured providers
Detect missing environment variables

7. Log Health Check

Scan ~/.cache/opencode/ for log files
Check for recent error/warn日志 entries
Detect log file size anomalies
Identify repeated error patterns

8. Provider Connectivity Check

Validate API endpoint accessibility (optional, requires network)
Verify model configuration matches provider capabilities
Test provider authentication (dry-run)
Check for timeout or connection errors

9. Skills Self-Check

Validate .skill-lock.json format and integrity
Verify skill registration in lock file
Check ~/.agents/skills/ directory structure
Validate ~/skills/ local backup integrity
Detect duplicate skill installations
Verify SKILL.md files exist and are valid
Check skill source URLs are accessible (optional)
Report orphaned skills (in lock but missing files)

Problem Categories

🔴 Critical (Fix Immediately)

All providers disabled → OpenCode won't work
Hardcoded API keys → Security vulnerability
Invalid JSON syntax → Configuration fails to load
Missing required environment variables
Plugin directory missing or corrupted
.skill-lock.json is corrupted or missing
Critical skill missing (SKILL.md not found)

🟡 Warning (Review Soon)

Missing .env protection in .gitignore
Duplicate provider definitions
Unknown provider names in disabled list
Large log files detected
Outdated plugin version
Provider connectivity issues
Orphaned skill in lock file (missing files)
Duplicate skill installations
Skills backup missing in ~/skills/

🟢 Info (Optional Optimization)

Duplicate node_modules (cleanup candidate)
Old cache files
Unused provider configurations
Log file growth warnings
Verbose logging enabled
Skill has remote update available

Installation

npx skills add YOUR_GITHUB_USERNAME/opencode-config-audit

Or add to your skills configuration:

{
  "skills": ["YOUR_GITHUB_USERNAME/opencode-config-audit"]
}

Dependencies

Read access to ~/.config/opencode/
Read access to ~/.cache/opencode/ (if exists)
Read access to ~/.agents/ (for skills check)
Read access to ~/skills/ (for backup check)
Read access to home directory
Optional: Network access for connectivity checks

Version

1.2.0 - Added Skills self-check capability

Author

User-installed skill for OpenCode maintenance

opencode-config-audit

Safety Notice

Copy this and send it to your AI assistant to learn