AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Confirmed first-party agent skill setup at npm postinstall plus user-invoked browser automation. No concrete malware chain or exfiltration was found, but lifecycle mutation of .opencode skills and rate-limit evasion justify a warning.
Decision evidence
public snapshot- package.json runs postinstall: node skills/postinstall.js.
- skills/postinstall.js creates .opencode/skills and symlinks/copies package markdown skills with footage-generation- prefix.
- lib/browser-generator.js spawns Chrome with remote debugging and a user-data dir.
- lib/browser-generator.js automates gemini.google.com/images and includes anti-rate-limit human simulation.
- mcp-tools.js generate_batch_image writes a temp prompts file and spawns _private/cli.js detached.
- No install-time network access or remote payload download found.
- No credential harvesting, env dumping, or exfiltration logic found.
- Postinstall only links package-owned .md skill files, not arbitrary foreign agent config.
- Main import lib/index.js only exports classes; no import-time execution beyond require.
- Network behavior is runtime/user-invoked and aligned with image generation functionality.
Source & flagged code
5 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
skills/postinstall.jsView on unpkg · L5Source file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/overlay.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/browser-generator.jsView on unpkg