AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code fetches an executable from the package's GitHub release and stores it in the package directory without integrity verification. A later explicit `browser-code` invocation executes that binary with the package-owned agent/MCP configuration.
Decision evidence
public snapshot- `package.json` runs `scripts/postinstall.js` automatically.
- `scripts/postinstall.js` downloads a platform binary, writes it under `opencode/.../dist`, and marks it executable.
- The postinstall downloader has no checksum, signature, or integrity verification.
- `bin/browser-code.cjs` runs that downloaded binary and forces the bundled `.browser-code` agent config.
- `.browser-code/browser-code.jsonc` enables package-provided MCP processes, including native executables and `npx` tools.
- Postinstall targets the package's declared GitHub Releases path, not an unrelated endpoint.
- Postinstall does not execute the downloaded binary or modify user/home/foreign agent configuration.
- No source evidence shows credential harvesting, command-output exfiltration, destructive behavior, or stealth persistence.
- `harness/install-hooks.ts` changes Git hooks only through an explicit user command, not lifecycle execution.
- The flagged LSP downloads in `opencode/.../lsp/server.ts` are feature-triggered language-server setup, not install-time exfiltration.
Source & flagged code
22 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
opencode/packages/llm/test/provider/bedrock-converse.test.tsView on unpkg · L411AWS access key ID in opencode/packages/llm/test/provider/bedrock-converse.test.ts
opencode/packages/llm/test/provider/bedrock-converse.test.tsView on unpkg · L411Package source references child process execution.
bin/browser-code.cjsView on unpkg · L3Package source references dynamic require/import behavior.
bin/browser-code.cjsView on unpkg · L2Package source references shell execution.
opencode/packages/core/src/shell.tsView on unpkg · L18Package source references dynamic code evaluation.
opencode/packages/effect-drizzle-sqlite/src/internal/drizzle-utils.tsView on unpkg · L31Package source references weak cryptographic algorithms.
harness/build_index.tsView on unpkg · L104Source combines credential-like environment material and outbound requests; review data flow before blocking.
opencode/github/index.tsView on unpkg · L9Source executes local commands and sends command output to an external endpoint.
opencode/packages/opencode/src/lsp/server.tsView on unpkg · L1Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
opencode/packages/opencode/src/lsp/server.tsView on unpkg · L1Package ships native binary artifacts.
tools/mcp/bin/douyin-0.1.1/douyin.exeView on unpkgPackage ships non-JavaScript build or shell helper files.
opencode/patches/install-korean-ime-fix.shView on unpkgPackage ships high-entropy non-source blobs.
tools/mcp/bin/douyin_0.1.1_windows_amd64.zipView on unpkgPackage ships compressed or archive-like blobs.
tools/mcp/bin/douyin_0.1.1_windows_amd64.zipView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
tools/mcp/bin/douyin_0.1.1_windows_amd64.zipView on unpkgGoogle API key in opencode/packages/http-recorder/test/record-replay.test.ts
opencode/packages/http-recorder/test/record-replay.test.tsView on unpkg · L138Hardcoded password in opencode/packages/http-recorder/test/record-replay.test.ts
opencode/packages/http-recorder/test/record-replay.test.tsView on unpkg · L172Hardcoded password in opencode/packages/http-recorder/test/record-replay.test.ts
opencode/packages/http-recorder/test/record-replay.test.tsView on unpkg · L179Hardcoded password in opencode/packages/opencode/test/server/auth.test.ts
opencode/packages/opencode/test/server/auth.test.tsView on unpkg · L47Hardcoded password in opencode/packages/opencode/test/server/httpapi-listen.test.ts
opencode/packages/opencode/test/server/httpapi-listen.test.tsView on unpkg · L18