AI Security Review
scanned 8d ago · by lpm-firewall-aiThe package installs and runs a native CLI binary, which is a higher-risk but package-aligned behavior. No confirmed malicious attack surface is established from source inspection.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user invocation of ocv runs the installed binary.
Impact
Installs a package-owned executable under bin/.ocv and later delegates CLI arguments to it.
Mechanism
platform-specific binary download and CLI wrapper execution
Rationale
The install-time download and child_process wrapper are suspicious primitives, but they are limited to package-owned binary installation from a package-aligned GitHub releases endpoint with no exfiltration, persistence, destructive behavior, or broad agent control-surface mutation in source. Environment overrides are explicit user-controlled configuration paths rather than hidden attack behavior.
Evidence
package.jsonpostinstall.cjsbin/ocvREADME.mdbin/.ocvbin/.ocv.exe
Network endpoints1
github.com/leohenon/opencode-vim/releases/download
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
- postinstall.cjs downloads a platform binary at install time from GitHub releases and writes it to bin/.ocv.
- postinstall.cjs allows OCV_RELEASE_BASE_URL to override the release download base URL.
- bin/ocv executes bin/.ocv via child_process.spawnSync, and OCV_BIN_PATH can redirect the executed binary.
Evidence against
- package.json has only one lifecycle hook: postinstall runs local postinstall.cjs.
- Download host defaults to package-aligned https://github.com/leohenon/opencode-vim/releases/download.
- postinstall.cjs only selects OS/arch-specific asset names and writes the package-owned executable path bin/.ocv.
- No credential harvesting, env dumping, persistence, destructive file operations, or AI-agent config mutation found in inspected files.
- README describes the package as an ocv/OpenCode fork CLI wrapper, consistent with a native binary installer.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./postinstall.cjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./postinstall.cjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings