registry  /  opencode-agent-skills-md  /  1.1.0

opencode-agent-skills-md@1.1.0

OpenCode adapter for the opencode-agent-skills-md workspace: plugin factory, host, and the four skill tools.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `oas install` or an OpenCode session invokes `run_skill_script`.
Impact
Can modify the user's OpenCode plugin configuration or execute an approved/discovered skill script with the host agent's shell privileges.
Mechanism
Explicit OpenCode config registration and discovered skill-script execution.
Rationale
Source inspection shows no concrete malicious chain, but the package exposes explicit AI-agent script execution and OpenCode extension configuration. Classify as warn for its dangerous capability/lifecycle surface rather than block.
Evidence
package.jsonsrc/cli/install.tssrc/cli/uninstall.tssrc/cli/config.tssrc/tools.tssrc/host.tssrc/plugin.tsdist/cli.mjsdist/plugin.mjs$OPENCODE_CONFIG_DIR/opencode.json$OPENCODE_CONFIG_DIR/opencode.jsonc~/.cache/opencode/node_modules/opencode-agent-skills-md~/.config/opencode-agent-skills-md

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `src/cli/install.ts` explicitly writes the global OpenCode plugin list.
  • `src/tools.ts` exposes `run_skill_script`, executing a discovered skill script via the OpenCode shell runner.
  • `src/cli/uninstall.ts` can purge only this package's cache/config paths when explicitly requested.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • No HTTP client, fetch call, network endpoint, credential collection, eval, or native loader appears in inspected source.
  • `src/tools.ts` checks requested files/scripts against discovered skill metadata and uses path-safety checks for reads.
  • CLI config mutation is user-invoked through `oas install`, not automatic on package installation.
Behavioral surface
Source
EnvironmentVarsFilesystem
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 13 file(s), 144 KB of source

Source & flagged code

3 flagged · loading source
src/cli/install.tsView file
Published source reference
Medium
Ai Review Evidence

`src/cli/install.ts` explicitly writes the global OpenCode plugin list.

src/cli/install.tsView on unpkg
src/tools.tsView file
Published source reference
Medium
Ai Review Evidence

`src/tools.ts` exposes `run_skill_script`, executing a discovered skill script via the OpenCode shell runner.

src/tools.tsView on unpkg
src/cli/uninstall.tsView file
Published source reference
Medium
Ai Review Evidence

`src/cli/uninstall.ts` can purge only this package's cache/config paths when explicitly requested.

src/cli/uninstall.tsView on unpkg

Findings

4 Medium3 Low
MediumEnvironment Vars
MediumAi Review Evidencesrc/cli/install.ts
MediumAi Review Evidencesrc/tools.ts
MediumAi Review Evidencesrc/cli/uninstall.ts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings