registry  /  opencode-discord-manager  /  0.1.0

opencode-discord-manager@0.1.0

Discord bridge plugin for opencode — relay channels and auto-DM

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package performs first-party opencode plugin installation during npm postinstall and grants an opencode agent Discord bridge and moderation capabilities. This is an agent extension lifecycle risk, but source inspection did not show credential exfiltration, stealth persistence, or unrelated remote code execution.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall copies plugin; opencode runtime activates plugin when configured with a Discord bot token
Impact
Installs an opencode plugin and, when configured, allows Discord messages to prompt opencode and opencode tools to manage Discord resources.
Mechanism
opencode Discord bridge plugin with Discord API tools
Rationale
This is not clean because install-time mutation of the opencode plugin surface happens automatically, but it appears to be first-party package-owned extension setup and package-aligned. No concrete malicious chain, exfiltration to unrelated endpoints, destructive install behavior, or remote payload execution was found.
Evidence
package.jsonscripts/copy-plugin.cjsscripts/setup.shsrc/index.tsREADME.md~/.config/opencode/plugins/discord-manager.ts$XDG_CONFIG_HOME/opencode/plugins/discord-manager.ts~/.config/opencode/discord-manager.json$XDG_CONFIG_HOME/opencode/discord-manager.json/tmp/opencode-discord-manager.log
Network endpoints2
discord.com/api/v10${serverUrl}/question/{requestID}/reply

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/copy-plugin.cjs
  • scripts/copy-plugin.cjs copies src/index.ts into XDG_CONFIG_HOME/opencode/plugins/discord-manager.ts or ~/.config/opencode/plugins/discord-manager.ts at install time
  • src/index.ts bridges Discord messages into opencode session.promptAsync and exposes Discord moderation/channel tools
  • src/index.ts can kick/ban users, delete channels, bulk-delete messages via Discord API tools
  • src/index.ts writes ~/.config/opencode/discord-manager.json and /tmp/opencode-discord-manager.log
Evidence against
  • Behavior is aligned with package description and README Discord bridge setup
  • No child_process, eval, Function, native binary, or remote payload loading found
  • Network use is limited to Discord API and opencode serverUrl question reply path
  • Discord bot token is read from env/config and used as Authorization header to Discord API, not sent to unrelated hosts
  • Interactive setup only writes the user-provided Discord token to opencode config
Behavioral surface
Source
EnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 42.7 KB of source, external domains: discord.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/copy-plugin.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts/setup.shView file
path = scripts/setup.sh kind = build_helper sizeBytes = 1854 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/setup.shView on unpkg

Findings

1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/setup.sh
LowScripts Present
LowFilesystem
LowUrl Strings