
@bip-krishna/opencode-wiki@1.0.2

One-command setup: pre-configures OpenCode with the NITC Wiki MCP server (wiki.fosscell.org)

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as a warn-only, first-party agent-extension lifecycle risk: a user-invoked setup CLI for an OpenCode wiki MCP integration. It modifies OpenCode config and may install opencode-ai globally, but does not run during npm install.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs opencode-wiki, npx @bip-krishna/opencode-wiki, or npm start
Impact
Registers a MediaWiki MCP server for wiki.fosscell.org and creates backups of existing OpenCode config files; no confirmed unconsented install-time hijack or exfiltration.
Mechanism
OpenCode MCP config writer with package-manager install fallback
Rationale
The package has risky agent-extension setup capabilities, including child_process, a global npm install, and MCP registration, but these are explicit CLI behavior and documented in README.md. Static inspection found no lifecycle execution, credential theft, exfiltration, persistence outside OpenCode config, or destructive behavior.
Evidence
  • package.json
  • bin/setup.js
  • README.md
  • ~/.config/opencode
  • ~/.config/opencode/wiki-mcp-config.json
  • ~/.config/opencode/wiki-mcp-config.json.bak
  • ~/.config/opencode/opencode.json
  • ~/.config/opencode/opencode.json.bak
Network endpoints (3)
  • wiki.fosscell.org
  • opencode.ai/config.json
  • raw.githubusercontent.com/bip-krishna/opencode/dev/scripts/quickstart.sh

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json exposes bin opencode-wiki -> ./bin/setup.js and start runs it
  • bin/setup.js uses execSync for opencode --version and npm install -g opencode-ai
  • bin/setup.js writes ~/.config/opencode/wiki-mcp-config.json and opencode.json
  • opencode config registers npx -y @professional-wiki/mediawiki-mcp-server@0.10.0
Evidence against
  • No install/preinstall/postinstall lifecycle hook; setup is user-invoked
  • README documents the same OpenCode config writes and global install behavior
  • No credential harvesting; username/password are null placeholders unless the user edits the config
  • No obfuscation, eval/vm/Function, native binary loading, or destructive behavior found
Behavioral surface
Source: Child Process, Filesystem, Shell
Supply chain: Url Strings
Manifest: No manifest risk signals triggered.
scanned 1 file(s), 2.42 KB of source, external domains: opencode.ai, raw.githubusercontent.com, wiki.fosscell.org

Source & flagged code

3 flagged
bin/setup.js
L1: #!/usr/bin/env node
L2: import { execSync } from "child_process";
L3: import { existsSync, mkdirSync, writeFileSync, readFileSync } from "fs";
High
Child Process

Package source references child process execution.

bin/setup.js · L1
L70: console.log(" " + WIKI_CONFIG);
L71: console.log("\n For interactive setup: bash -c \"$(curl -fsSL https://raw.githubusercontent.com/bip-[redacted].sh)\"");
L72: console.log("");
High
Shell

Package source references shell execution.

bin/setup.js · L70
L19: console.log(" Installing opencode-ai...");
L20: execSync("npm install -g opencode-ai", { stdio: "inherit" });
L21: console.log(" \u2713 Installed opencode-ai\n");
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/setup.js · L19

Findings

3 High, 3 Low
  • High · Child Process · bin/setup.js
  • High · Shell · bin/setup.js
  • High · Runtime Package Install · bin/setup.js
  • Low · Scripts Present
  • Low · Filesystem
  • Low · Url Strings