AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/index.js` runs setup whenever the OpenCode plugin initializes.
- `dist/lib/personality-command.js` writes `~/.config/opencode/commands/create-personality.md`.
- `dist/lib/personality-skill.js` writes a managed OpenCode skill under `~/.config/opencode/skills/`.
- `dist/lib/legacy-orchestrator-cleanup.js` deletes marker-matched legacy agent files and named cache files.
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- The setup is first-party OpenCode configuration, not an npm install-time mutation.
- OAuth/quota traffic is directed at OpenAI/ChatGPT endpoints in the inspected source.
- No credential exfiltration endpoint, eval, shell-string execution, or remote payload loading was found.
- `cache-lock.js` dynamically imports only the declared `proper-lockfile` dependency with a local fallback.
Behavioral surface
SourceChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chainHighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 91 file(s), 704 KB of source, external domains: api.github.com, api.openai.com, auth.openai.com, chat.openai.com, chatgpt.com, github.com, platform.api.openai.org, platform.openai.com, raw.githubusercontent.com, schemas.iam-brain.dev, www.w3.org