AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package performs first-party opencode plugin installation during npm postinstall and grants an opencode agent Discord bridge and moderation capabilities. This is an agent extension lifecycle risk, but source inspection did not show credential exfiltration, stealth persistence, or unrelated remote code execution.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall copies plugin; opencode runtime activates plugin when configured with a Discord bot token
Impact
Installs an opencode plugin and, when configured, allows Discord messages to prompt opencode and opencode tools to manage Discord resources.
Mechanism
opencode Discord bridge plugin with Discord API tools
Rationale
This is not clean because install-time mutation of the opencode plugin surface happens automatically, but it appears to be first-party package-owned extension setup and package-aligned. No concrete malicious chain, exfiltration to unrelated endpoints, destructive install behavior, or remote payload execution was found.
Evidence
package.jsonscripts/copy-plugin.cjsscripts/setup.shsrc/index.tsREADME.md~/.config/opencode/plugins/discord-manager.ts$XDG_CONFIG_HOME/opencode/plugins/discord-manager.ts~/.config/opencode/discord-manager.json$XDG_CONFIG_HOME/opencode/discord-manager.json/tmp/opencode-discord-manager.log
Network endpoints2
discord.com/api/v10${serverUrl}/question/{requestID}/reply
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node scripts/copy-plugin.cjs
- scripts/copy-plugin.cjs copies src/index.ts into XDG_CONFIG_HOME/opencode/plugins/discord-manager.ts or ~/.config/opencode/plugins/discord-manager.ts at install time
- src/index.ts bridges Discord messages into opencode session.promptAsync and exposes Discord moderation/channel tools
- src/index.ts can kick/ban users, delete channels, bulk-delete messages via Discord API tools
- src/index.ts writes ~/.config/opencode/discord-manager.json and /tmp/opencode-discord-manager.log
Evidence against
- Behavior is aligned with package description and README Discord bridge setup
- No child_process, eval, Function, native binary, or remote payload loading found
- Network use is limited to Discord API and opencode serverUrl question reply path
- Discord bot token is read from env/config and used as Authorization header to Discord API, not sent to unrelated hosts
- Interactive setup only writes the user-provided Discord token to opencode config
Behavioral surface
EnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/copy-plugin.cjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgscripts/setup.shView file
•path = scripts/setup.sh
kind = build_helper
sizeBytes = 1854
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
scripts/setup.shView on unpkgFindings
1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/setup.sh
LowScripts Present
LowFilesystem
LowUrl Strings