AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. When OpenCode loads the configured plugin, it synchronizes its first-party agent assets into the workspace and can overwrite differing instruction files with backups. Separate explicit commands can import remote skills or install MCP packages.
Decision evidence
public snapshot- `scripts/index.js` invokes `applySync()` on OpenCode plugin load.
- `scripts/sync.js` overwrites differing `AGENTS.md` and `.opencode/{agents,commands,rules}` files, creating one `.bak` backup.
- `scripts/download-skill.js` downloads/clones user-supplied sources and copies skills after basic scans.
- `scripts/mcp.js` runs `npm install` under an explicit CLI install command.
- `package.json` has only `prepare: husky`; no `preinstall`, `install`, or `postinstall`.
- `scripts/env-check.js` reports whether variables are set, not their values.
- No inspected `eval`/VM/native loader, credential exfiltration, or hard-coded exfiltration endpoint.
- Remote skill importing requires an explicit user command and prompts on detected patterns.
Source & flagged code
6 flagged · loading sourcePackage source references child process execution.
scripts/env-check.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
scripts/download-skill.jsView on unpkgPackage source references dynamic require/import behavior.
scripts/test-perf.jsView on unpkg · L50Package source invokes a package manager install command at runtime.
scripts/validate.jsView on unpkg · L29Package ships non-JavaScript build or shell helper files.
scripts/render-social-preview.shView on unpkg