registry  /  @jimmyyen/opencode-speak-human-tw  /  1.6.0

@jimmyyen/opencode-speak-human-tw@1.6.0

說人話:繁體中文的去 AI 味改寫 skill for OpenCode. Based on Raymond Hou (雷蒙三十) 的 speak-human-tw.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The OpenCode plugin activates a background self-update routine at runtime. It can contact npm and modify the local install root by installing a newer copy of itself.

Static reason
No blocking static signals were detected.
Trigger
Loading `.opencode/plugins/speak-human-tw.mjs` in OpenCode.
Impact
A package update can alter the local project/install state without an explicit update command.
Mechanism
runtime silent npm self-update
Rationale
No concrete malicious chain was found, but import-triggered silent self-updating modifies local state and changes future code without an explicit user update action. This warrants a warning rather than a block.
Evidence
package.json.opencode/plugins/speak-human-tw.mjssrc/auto-update.mjs.opencode/commands/speak-human-tw.md.opencode/commands/說人話.mdskills/speak-human-tw/SKILL.mdlast-update-check.json
Network endpoints1
registry.npmjs.org/@jimmyyen%2fopencode-speak-human-tw/latest

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `src/auto-update.mjs` runs an automatic update check when the plugin loads.
  • It fetches the package’s `latest` metadata from the npm registry after a 5-second delay.
  • On a newer version, it silently spawns `npm install @jimmyyen/opencode-speak-human-tw@latest --no-save --ignore-scripts`.
  • It writes `last-update-check.json` in the detected install root.
Evidence against
  • `package.json` has no npm lifecycle scripts.
  • The only network endpoint is the package-aligned npm registry.
  • The spawned install targets only this package and disables lifecycle scripts.
  • No credential harvesting, external exfiltration, eval, payload download, or destructive file operation was found.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 3.35 KB of source, external domains: registry.npmjs.org

Source & flagged code

1 flagged · loading source
src/auto-update.mjsView file
Published source reference
Medium
Ai Review Evidence

`src/auto-update.mjs` runs an automatic update check when the plugin loads.

src/auto-update.mjsView on unpkg

Findings

6 Medium2 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencesrc/auto-update.mjs
MediumAi Review Evidence
MediumAi Review Evidence
MediumAi Review Evidence
LowFilesystem
LowUrl Strings