No confirmed malicious attack surface was found. The package is an OpenCode plugin that manages supervised task worktrees, helper sessions, update checks, and user-commanded task workflows.
Static reason
No blocking static signals were detected.
Trigger
User installs/enables the OpenCode plugin and invokes Kagan task/update workflows.
Impact
Expected project workflow changes: creates task worktrees, writes plugin config inside those worktrees, can run user-configured checks/setup commands, and can prepare package-scoped updates.
Mechanism
OpenCode plugin for task orchestration, git worktrees, guarded helper sessions, and package-scoped update preparation
Rationale
Static inspection shows package-aligned OpenCode plugin behavior with explicit user/plugin workflow triggers and no npm lifecycle execution or unconsented broad agent-control mutation. Risky primitives such as shell execution, config writes, and update cache mutation are bounded to user-configured checks, plugin-created worktrees, or validated @kagan-sh/kagan update paths.
Evidence
package.jsonREADME.mddist/tui.jsdist/server.jsdist/git/runner.jsdist/checks/runner.jsdist/tui/updates.jsdist/tui/update-manager.jsdist/tui/update-paths.jsdist/server/intake.jsdist/server/validator/spawn.jsdist/tui/tasks/create.js~/.kagan/worktrees/<hash>/<slug>