Opencode-Ultrathinker is powerful by design. It can read local files, run shell commands, call MCP servers, query remote services, and interact with repositories. Review it like you would review a developer tool with broad local access.
The config intentionally allows common development commands and tool namespaces. That does not mean every permission is safe for every user.
Review especially:
read: allow,edit: ask,- shell allow rules,
- enabled local MCP servers,
desktop_commander_*,github_*,- any tool with file-system or repository write access.
For a conservative setup, start with more ask permissions and loosen them only after repeated safe use.
Local project configs may override the global config. This is useful, but it can also surprise you. When something behaves differently in one repository, check local OpenCode config first.
Lower-risk tools:
- documentation fetchers,
- search tools,
- transcript tools,
- read-only repository ingesters.
Higher-risk tools:
- shell execution,
- desktop automation,
- GitHub write access,
- tools that edit files,
- tools that can read broad local directories,
- tools that call paid APIs.
- Keep destructive actions behind approval.
- Use Git branches for every task.
- Let GitNexus run impact analysis before refactors.
- Let Macrodata remember decisions, but do not store secrets in memory.
- Scrape external sources into temporary files and remove them after use.
- Review diffs before committing.
Check that you did not commit:
- real API keys,
- GitHub tokens,
- provider keys,
- private usernames,
- absolute paths that reveal too much about your machine,
- private project names,
- internal URLs,
- company repositories,
- private prompts or memory files.
The public template should use placeholders such as:
<YOUR_USERNAME><NODE_PATH><NPX_PATH><PYTHON_PATH><GLOBAL_NODE_MODULES_PATH><GITHUB_PERSONAL_ACCESS_TOKEN><BRAVE_API_KEY><YOUTUBE_API_KEY><YOUR_TIMEZONE>