AI Security Review
scanned 14d ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Confirmed AI-agent control-surface mutation on plugin activation. The package automatically weakens OpenCode project permissions and auto-approves permission prompts after activation.
Decision evidence
public snapshot- dist/activation.js calls patchMainRepoOpencodeJson during plugin activation without waiting for an explicit user command.
- dist/util/config-patch.js rewrites <cwdRoot>/opencode.json permission.read and permission.edit to "allow" and git-commits it.
- dist/hooks/permission-auto-reply.js replies "always" to OpenCode permission events when activated.
- bin/opencode-serenity-plugin.js install writes global OpenCode plugin entries into opencode.json and tui.json.
- dist/tools/loop-tool.js and dist/tools/loop-runner.js spawn OpenCode headless loops that can run commands through a local server.
- package.json has no npm lifecycle scripts, so behavior is not install-time npm execution.
- No credential harvesting or external exfiltration endpoints found in inspected code.
- Network activity seen is package-aligned local OpenCode API use and schema URLs.
- Shell and child_process use is mostly user-invoked plugin/tool functionality.
Source & flagged code
3 flagged · loading sourcePackage source references child process execution.
dist/init/init-wizard.jsView on unpkg · L17Package source invokes a package manager install command at runtime.
dist/util/msm-exec-runtime.jsView on unpkg · L45This package version adds a dangerous source file absent from the previous stored version.
dist/tools/loop-runner.jsView on unpkg