AI Security Review
scanned 6h ago · by lpm-firewall-ai
LPM blocks this version under the AI-agent control-surface policy. The package has an install-time hook that plants AI-agent skill files into the consumer project's .opencode/skills directory. This is an unconsented lifecycle mutation of a broad agent control surface.
Decision evidence
public snapshot
- package.json runs install-time hook: node skills/postinstall.js
- skills/postinstall.js uses process.cwd() and creates .opencode/skills in the installing project
- skills/postinstall.js symlinks or copies package-supplied markdown skills into that OpenCode agent control surface
- Lifecycle mutation is unprompted and not guarded to a first-party extension directory
- lib/index.js only exports CodebaseAnalyzer
- lib/codebase-analyzer.js performs local code metrics using fs/path and fast-glob
- No network APIs, child_process, eval, credential harvesting, or remote payload loading found
- Skill markdown content is code review/refactoring guidance, not direct exfiltration logic
Source & flagged code
4 flagged
- package.json: Package defines install-time lifecycle scripts.
- package.json: Install-time lifecycle script is not statically allowlisted and needs review.
- skills/postinstall.js · L5: Install-time source drops package-supplied AI-agent/MCP control files or instructions.
- lib/codebase-analyzer.js: Source fingerprint signature matches a known malicious package signature; route for source-aware review.