registry  /  agent-teamwork  /  1.0.0

agent-teamwork@1.0.0

Cài 1 lần — dùng mọi project. Bấm Tab để có Manager điều phối worker song song ngay trong opencode TUI.

AI Security Review

scanned 7h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The explicit `agent-teamwork` CLI installs a first-party OpenCode extension into the user's home configuration. At runtime it launches local worker servers, copies local OpenCode auth into per-worker temporary state, and sends work through localhost APIs.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `npx agent-teamwork` or the package bin, then uses its OpenCode manager tools.
Impact
Changes the user's OpenCode plugin, agent, and permission configuration; spawned workers may use the user's existing OpenCode authentication under normal OpenCode permissions.
Mechanism
Explicit OpenCode extension installation and local authenticated worker orchestration.
Rationale
This is not concrete malicious behavior, but explicit user-command setup modifies an AI-agent control surface and creates authenticated worker processes. It warrants a warning rather than a publish block.
Evidence
package.jsoninstall.shopencode/plugins/agent-teamwork.tsopencode/plugins/agent-teamwork-scheduler.tsworker.jsonmanager.json~/.config/opencode/opencode.json~/.config/opencode/plugins/agent-teamwork.ts~/.config/opencode/plugins/agent-teamwork-scheduler.ts~/.config/opencode/worker.json~/.config/opencode/agents/manager.md~/.local/share/opencode/auth.json/tmp/oc-<port>/opencode/auth.json
Network endpoints1
127.0.0.1:<dynamic-port>

Decision evidence

public snapshot
AI called this Suspicious at 92.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `install.sh` explicitly writes `~/.config/opencode/opencode.json` and installs plugins/manager config.
  • `opencode/plugins/agent-teamwork.ts` copies OpenCode `auth.json` into isolated `/tmp/oc-<port>` worker state.
  • The plugin spawns local `opencode serve` worker processes and routes manager-controlled tasks to them.
Evidence against
  • `package.json` `postinstall` only prints an instruction; it performs no mutation.
  • All plugin HTTP calls target `127.0.0.1`; no external exfiltration endpoint is present.
  • No remote payload loading, shell interpolation of user input, credential transmission, or destructive project-file behavior was found.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 57.2 KB of source, external domains: 127.0.0.1

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = echo "agent-teamwork: chạy 'npx agent-teamwork' để cài vào ~/.config/opencode"
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
install.shView file
path = install.sh kind = build_helper sizeBytes = 2991 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

install.shView on unpkg

Findings

1 High4 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperinstall.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings