AI Security Review
scanned 2h ago · by lpm-firewall-ai

LPM treats this as a warn-only, first-party agent-extension lifecycle risk. The package is an explicit CLI for setting up an OpenCode-centered AI coding environment. It mutates local project instructions and user OpenCode configuration and installs several external tools, but this is invoked by profile init/up rather than by npm install lifecycle hooks.
Decision evidence
public snapshot
- src/tools.js writes $HOME/.config/opencode/opencode.json with an enabled open-design MCP config.
- src/tools.js runs user-command tool installers: npx github:JuliusBrussee/caveman, npm install -g rtk, pip install graphifyy, git clone open-design, docker compose.
- src/commands/init.js default command installs OpenCode globally when missing and then runs setupAll unless --minimal/--dry-run is used.
- src/commands/sync.js fetches remote AGENTS.md text from raw.githubusercontent.com and writes generated AGENTS.md into the current project.
- package.json has no preinstall/install/postinstall hook; only prepublishOnly runs tests/version check before publishing.
- bin/profile.js only dispatches explicit CLI commands; risky setup is user-invoked at runtime, not install-time.
- No credential harvesting, secret file reads, broad filesystem traversal, or exfiltration endpoints found.
- Network use is aligned with the stated AI coding environment setup/update behavior.
- Shell commands are fixed strings or package-controlled tool commands, not attacker-supplied user input.
Source & flagged code
3 flagged

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/tools.js: Package source invokes a package manager install command at runtime.
src/commands/init.js · L25