AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious package attack surface. At runtime it discovers skills and injects OpenCode session guidance; its explicit script tool can run a selected executable belonging to a discovered skill.
Decision evidence
public snapshot- `src/tools.ts` exposes `run_skill_script`, which executes executable files discovered inside user/project skill directories.
- `src/plugin.ts` injects synthetic skill guidance into OpenCode chat sessions and can modify native tool descriptions when an opt-in environment flag is set.
- `src/skills.ts` and `src/claude.ts` read configured project and `~/.claude` skill/plugin directories.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- No package code uses network clients/endpoints, credential harvesting, dynamic code loading, or destructive filesystem APIs.
- `run_skill_script` requires an explicit tool call, restricts scripts to discovered executable files, quotes arguments, and applies a timeout.
- `src/tools.ts` realpath-checks requested skill files to prevent reads outside a selected skill directory.
- The shipped `dist/src/*.js` maps to the included TypeScript sources; no extra binary/native artifacts were found.
Source & flagged code
3 flagged · loading source`src/tools.ts` exposes `run_skill_script`, which executes executable files discovered inside user/project skill directories.
src/tools.tsView on unpkg`src/plugin.ts` injects synthetic skill guidance into OpenCode chat sessions and can modify native tool descriptions when an opt-in environment flag is set.
src/plugin.tsView on unpkg`src/skills.ts` and `src/claude.ts` read configured project and `~/.claude` skill/plugin directories.
src/skills.tsView on unpkg