AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The user-invoked onboarding CLI configures a target project's OpenCode/agent environment and installs selected external tooling. Bundled OpenCode plugins later write project-local agent variant and monitor state files at OpenCode startup; no unconsented npm lifecycle execution is present.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs the `opencode-onboard` CLI/wizard, then opens the configured OpenCode project.
Impact
Can alter `.opencode`/`.agents` control surfaces and cause external tools or plugins to be installed in the opted-in project environment.
Mechanism
Project-local AI-agent configuration, extension setup, and runtime package-manager commands.
Rationale
Source inspection confirms deliberate user-command agent-extension setup with runtime install capability, not malware. Flag as warn because it modifies and extends a project AI-agent control surface and executes package-manager installers after user invocation.
Evidence
package.jsonsrc/index.jssrc/steps/copy/index.jssrc/steps/copy/opencode-json.jssrc/steps/browser/index.jscontent/.opencode/plugins/ob-subagent-tiers.js.opencode/opencode.json.opencode/package.json.opencode/tui.json.opencode/plugins/ob-subagent-tiers.js.opencode/plugins/ob-subagent-monitor.js.opencode/agents/*.build.md.opencode/.ob-run.json.agents/skills/
Network endpoints1
models.dev/api.json
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `src/steps/copy/index.js` copies bundled agent/OpenCode content into the current project.
- `src/steps/copy/opencode-json.js` disables built-in OpenCode build/plan agents.
- `content/.opencode/tui.json` loads a bundled TUI plugin; `content/.opencode/plugins/ob-subagent-tiers.js` writes agent variants at OpenCode startup.
- `src/steps/browser/index.js` runs `npx @different-ai/opencode-browser install` and auto-answers installer prompts.
- `src/steps/optimization/index.js` runs `npx skills experimental_install --yes` after selected optimization setup.
Evidence against
- `package.json` has no preinstall, install, postinstall, prepare, or lifecycle hook.
- `src/index.js` exposes the behavior only through an explicitly invoked CLI/wizard.
- `src/utils/models-cache.js` only fetches public model metadata from `https://models.dev/api.json` and caches it locally.
- No source evidence of credential harvesting, exfiltration, eval/vm use, hidden payload download, or destructive behavior outside selected onboarding cleanup.
Behavioral surface
FilesystemNetworkShell
UrlStrings
Source & flagged code
2 flagged · loading sourcesrc/utils/exec.jsView file
1import chalk from 'chalk'
L2: import { execa } from 'execa'
L3: import ora from 'ora'
High
src/steps/optimization/index.jsView file
151try {
L152: const result = await execa('npx', ['skills', 'experimental_install', '--yes'], {
L153: cwd: process.cwd(),
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/steps/optimization/index.jsView on unpkg · L151Findings
2 High1 Medium3 Low
HighShellsrc/utils/exec.js
HighRuntime Package Installsrc/steps/optimization/index.js
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings