registry  /  opencode-onboard  /  1.3.5

opencode-onboard@1.3.5

Prepare any codebase for AI. Wires OpenCode, OpenSpec, codegraph, and agentmemory into a multi-agent development workflow powered by native parallel subagents.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The user-invoked onboarding CLI configures a target project's OpenCode/agent environment and installs selected external tooling. Bundled OpenCode plugins later write project-local agent variant and monitor state files at OpenCode startup; no unconsented npm lifecycle execution is present.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs the `opencode-onboard` CLI/wizard, then opens the configured OpenCode project.
Impact
Can alter `.opencode`/`.agents` control surfaces and cause external tools or plugins to be installed in the opted-in project environment.
Mechanism
Project-local AI-agent configuration, extension setup, and runtime package-manager commands.
Rationale
Source inspection confirms deliberate user-command agent-extension setup with runtime install capability, not malware. Flag as warn because it modifies and extends a project AI-agent control surface and executes package-manager installers after user invocation.
Evidence
package.jsonsrc/index.jssrc/steps/copy/index.jssrc/steps/copy/opencode-json.jssrc/steps/browser/index.jscontent/.opencode/plugins/ob-subagent-tiers.js.opencode/opencode.json.opencode/package.json.opencode/tui.json.opencode/plugins/ob-subagent-tiers.js.opencode/plugins/ob-subagent-monitor.js.opencode/agents/*.build.md.opencode/.ob-run.json.agents/skills/
Network endpoints1
models.dev/api.json

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `src/steps/copy/index.js` copies bundled agent/OpenCode content into the current project.
  • `src/steps/copy/opencode-json.js` disables built-in OpenCode build/plan agents.
  • `content/.opencode/tui.json` loads a bundled TUI plugin; `content/.opencode/plugins/ob-subagent-tiers.js` writes agent variants at OpenCode startup.
  • `src/steps/browser/index.js` runs `npx @different-ai/opencode-browser install` and auto-answers installer prompts.
  • `src/steps/optimization/index.js` runs `npx skills experimental_install --yes` after selected optimization setup.
Evidence against
  • `package.json` has no preinstall, install, postinstall, prepare, or lifecycle hook.
  • `src/index.js` exposes the behavior only through an explicitly invoked CLI/wizard.
  • `src/utils/models-cache.js` only fetches public model metadata from `https://models.dev/api.json` and caches it locally.
  • No source evidence of credential harvesting, exfiltration, eval/vm use, hidden payload download, or destructive behavior outside selected onboarding cleanup.
Behavioral surface
Source
FilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 38 file(s), 104 KB of source, external domains: github.com, models.dev, opencode.ai

Source & flagged code

2 flagged · loading source
src/utils/exec.jsView file
1import chalk from 'chalk' L2: import { execa } from 'execa' L3: import ora from 'ora'
High
Shell

Package source references shell execution.

src/utils/exec.jsView on unpkg · L1
src/steps/optimization/index.jsView file
151try { L152: const result = await execa('npx', ['skills', 'experimental_install', '--yes'], { L153: cwd: process.cwd(),
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/steps/optimization/index.jsView on unpkg · L151

Findings

2 High1 Medium3 Low
HighShellsrc/utils/exec.js
HighRuntime Package Installsrc/steps/optimization/index.js
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings