AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. At OpenCode plugin runtime, the package injects context-pruning hooks and a compression tool into the first-party OpenCode extension surface. It writes DCP-owned configuration, prompt defaults, logs, and session state; no install-time behavior or confirmed exfiltration is present.
Decision evidence
public snapshot- `dist/index.js` registers OpenCode chat hooks, a `compress` tool, and mutates the host config object to add command/tool permissions.
- `lib/config.ts` creates `~/.config/opencode/dcp.jsonc` when no global DCP config exists.
- `lib/update.ts` performs a runtime npm-registry version check and can remove a matching wrapper directory for the upstream package name.
- `package.json` has no install lifecycle hook; `prepublishOnly` only builds before publishing.
- Network use is limited to `registry.npmjs.org` metadata lookup; no downloaded code is executed.
- No child-process, shell, eval, VM, or packaged native binary is present or invoked by the shipped entrypoint.
- `lib/auth.ts` reads OpenCode credentials only to attach them to the existing OpenCode client; no exfiltration endpoint exists.
- The auto-update target is `@tarquinen/opencode-dcp`, not this package, so it does not remove this package's own wrapper.
Source & flagged code
3 flagged · loading source`dist/index.js` registers OpenCode chat hooks, a `compress` tool, and mutates the host config object to add command/tool permissions.
dist/index.jsView on unpkg`lib/config.ts` creates `~/.config/opencode/dcp.jsonc` when no global DCP config exists.
lib/config.tsView on unpkg`lib/update.ts` performs a runtime npm-registry version check and can remove a matching wrapper directory for the upstream package name.
lib/update.tsView on unpkg