AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The main risk is install-time setup of package-owned OpenCode skill files. Runtime browser automation is explicit image-generation functionality and does not show exfiltration or payload execution.
Decision evidence
public snapshot- package.json runs postinstall: node skills/postinstall.js
- skills/postinstall.js creates .opencode/skills and symlinks/copies package markdown as footage-generation-*.md
- lib/browser-generator.js launches Chrome with remote debugging and automates Gemini Images
- lib/browser-generator.js includes human-like typing/delays and rate-limit handling
- mcp-tools.js can spawn _private/cli.js in background for batch image generation
- No credential/env harvesting found in inspected source
- No remote payload download, eval/vm/Function, native binary loading, or destructive file operations found
- Network use is package-aligned: Gemini image generation, googleusercontent image fetches, localhost Chrome debug probe
- Postinstall writes only package-prefixed skill files, not broad foreign agent configuration
- Runtime file writes are user/output artifacts: prompts, PNGs, debug screenshots
Source & flagged code
5 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
skills/postinstall.jsView on unpkg · L5Source file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/overlay.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/browser-generator.jsView on unpkg