AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `src/cli/install.ts` explicitly writes the global OpenCode plugin list.
- `src/tools.ts` exposes `run_skill_script`, executing a discovered skill script via the OpenCode shell runner.
- `src/cli/uninstall.ts` can purge only this package's cache/config paths when explicitly requested.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- No HTTP client, fetch call, network endpoint, credential collection, eval, or native loader appears in inspected source.
- `src/tools.ts` checks requested files/scripts against discovered skill metadata and uses path-safety checks for reads.
- CLI config mutation is user-invoked through `oas install`, not automatic on package installation.
Source & flagged code
3 flagged · loading source`src/cli/install.ts` explicitly writes the global OpenCode plugin list.
src/cli/install.tsView on unpkg`src/tools.ts` exposes `run_skill_script`, executing a discovered skill script via the OpenCode shell runner.
src/tools.tsView on unpkg`src/cli/uninstall.ts` can purge only this package's cache/config paths when explicitly requested.
src/cli/uninstall.tsView on unpkg