registry  /  @qdang46/opencode-dcp-plugin  /  1.0.0

@qdang46/opencode-dcp-plugin@1.0.0

OpenCode plugin that optimizes token usage by pruning obsolete tool outputs from conversation context (full parity port of @tarquinen/opencode-dcp, rebranded as ◆ DCP rust)

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. At OpenCode plugin runtime, the package injects context-pruning hooks and a compression tool into the first-party OpenCode extension surface. It writes DCP-owned configuration, prompt defaults, logs, and session state; no install-time behavior or confirmed exfiltration is present.

Static reason
No blocking static signals were detected.
Trigger
OpenCode loads the installed server plugin.
Impact
The plugin can alter OpenCode conversation context and host runtime tool configuration while active.
Mechanism
Runtime OpenCode extension registration with local DCP configuration and context mutation.
Rationale
This is a first-party OpenCode agent extension with runtime config/tool mutation and local persistence, creating a platform-extension lifecycle risk. Inspection found no install-time execution, credential exfiltration, remote payload execution, or stealth persistence.
Evidence
package.jsondist/index.jslib/config.tslib/prompts/store.tslib/state/persistence.tslib/update.tslib/auth.ts~/.config/opencode/dcp.jsonc~/.local/share/opencode/storage/plugin/dcp/{sessionId}.json
Network endpoints1
registry.npmjs.org/@tarquinen%2Fopencode-dcp/latest

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/index.js` registers OpenCode chat hooks, a `compress` tool, and mutates the host config object to add command/tool permissions.
  • `lib/config.ts` creates `~/.config/opencode/dcp.jsonc` when no global DCP config exists.
  • `lib/update.ts` performs a runtime npm-registry version check and can remove a matching wrapper directory for the upstream package name.
Evidence against
  • `package.json` has no install lifecycle hook; `prepublishOnly` only builds before publishing.
  • Network use is limited to `registry.npmjs.org` metadata lookup; no downloaded code is executed.
  • No child-process, shell, eval, VM, or packaged native binary is present or invoked by the shipped entrypoint.
  • `lib/auth.ts` reads OpenCode credentials only to attach them to the existing OpenCode client; no exfiltration endpoint exists.
  • The auto-update target is `@tarquinen/opencode-dcp`, not this package, so it does not remove this package's own wrapper.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 74 file(s), 630 KB of source, external domains: raw.githubusercontent.com, registry.npmjs.org

Source & flagged code

3 flagged · loading source
dist/index.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/index.js` registers OpenCode chat hooks, a `compress` tool, and mutates the host config object to add command/tool permissions.

dist/index.jsView on unpkg
lib/config.tsView file
Published source reference
Medium
Ai Review Evidence

`lib/config.ts` creates `~/.config/opencode/dcp.jsonc` when no global DCP config exists.

lib/config.tsView on unpkg
lib/update.tsView file
Published source reference
Medium
Ai Review Evidence

`lib/update.ts` performs a runtime npm-registry version check and can remove a matching wrapper directory for the upstream package name.

lib/update.tsView on unpkg

Findings

5 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/index.js
MediumAi Review Evidencelib/config.ts
MediumAi Review Evidencelib/update.ts
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings