AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `scripts/install.js` explicit install command downloads a localhost-generated setup script and executes it with shell/PowerShell.
- `scripts/install.js` explicitly runs `npx skills add` against an external Git URL.
- `scripts/opencode_plugin_otel.ts` captures OpenCode system prompts, chat messages, completions, and tool events.
- `scripts/opencode_uploader_client.js` uploads collected session data to configured `AGENT_INSIGHT_HOST`; it permits keyless uploads.
- `scripts/sync_skills.js` downloads dashboard-provided archives into project `.opencode/.claude/.openhands/.deepagents` skill paths.
- `.env.example` contains a non-placeholder Langfuse secret-key value.
- `package.json` lifecycle hook only invokes `scripts/postinstall.js`; it does not invoke skill sync or OpenCode telemetry setup.
- `scripts/postinstall.js` initializes package-owned data/config, Prisma artifacts, and bundled runtime files.
- Telemetry upload requires `AGENT_INSIGHT_HOST`; the uploader exits when no host is configured.
- The OpenCode plugin redacts common secret-key fields before writing telemetry events.
- No hard-coded non-local telemetry host, credential theft logic, obfuscated payload, or foreign agent-control mutation was confirmed during install.
Source & flagged code
10 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
public/sync_skills.tsView on unpkg · L9Install-named source file stages remote content through filesystem writes and execution.
scripts/install.jsView on unpkg · L2Package source invokes a package manager install command at runtime.
scripts/postinstall.jsView on unpkg · L81Package ships non-JavaScript build or shell helper files.
.next/standalone/scripts/jiuwen_extension/extension.pyView on unpkgPackage ships high-entropy non-source blobs.
.next/standalone/.next/static/media/KaTeX_Size4-Regular.b211e3d3.woffView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.next/standalone/.next/server/chunks/[root-of-the-server]__a130a0e5._.jsView on unpkgPackage contains source files above the static scanner size ceiling.
.next/standalone/.next/server/chunks/[root-of-the-server]__a130a0e5._.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
scripts/opencode_plugin_otel.tsView on unpkg