opencode-setup@1.1.12

Install OpenCode skills for non-developers: GitHub, MCP servers and more

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface is present. The package is a user-invoked OpenCode setup CLI that installs agent skills and can invoke npx for organization skills.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `opencode-setup`, optionally selecting all skills or organization skill installation.
Impact
Can modify user AI-agent skill/config surfaces and guide token/MCP setup, but not through npm lifecycle execution or hidden persistence.
Mechanism
interactive AI skill installer with optional npx package fetch
Rationale
Source inspection shows agent-control-surface writes and MCP setup guidance, but they are exposed through an explicit, package-aligned CLI rather than unconsented lifecycle execution. Residual risk is warning-level agent extension capability, not confirmed malware.
Evidence
`package.json`, `bin/cli.js`, `skills/install-mcp/SKILL.md`, `skills/onboarding/SKILL.md`, `skills/github-setup/SKILL.md`, `skills/piwik-analytics/SKILL.md`, `~/.agents/skills`, `~/.npmrc`, `~/.config/opencode/opencode.jsonc`, `~/.config/opencode/onboarding-progress.json`, `~/.zshrc`
Network endpoints (7)
npm.pkg.github.com, github.com, id.atlassian.com, figma.com, gjensidige.piwik.pro, astral.sh, opencode.ai

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • bin/cli.js copies bundled skill directories into `~/.agents/skills`, a broad AI-agent skills surface.
  • bin/cli.js can run `npx --yes skills add gjensidige/skills` via execSync after checking `~/.npmrc`.
  • skills/install-mcp/SKILL.md instructs OpenCode to modify `~/.config/opencode/opencode.jsonc` with MCP servers and tokens.
  • skills/onboarding/SKILL.md instructs reading/writing `~/.config/opencode/onboarding-progress.json` and coordinating MCP setup.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts; activation is explicit bin `opencode-setup`.
  • bin/cli.js is interactive unless `--all` is explicitly supplied and supports `--dry-run`.
  • No credential exfiltration found; `.npmrc` is read only for substring checks.
  • No obfuscation, eval/vm, native binary loading, or hidden import-time execution found.
  • Bundled skills are OpenCode setup/onboarding content aligned with the package purpose.
Behavioral surface
Source
ChildProcess, EnvironmentVars, Filesystem, Shell
Supply chain
No supply-chain packaging signals triggered.
Manifest
No manifest risk signals triggered.
scanned 1 file(s), 7.81 KB of source

Source & flagged code

2 flagged
bin/cli.js
L7: import { createInterface } from "readline";
L8: import { execSync } from "child_process";
High
Child Process

Package source references child process execution.

bin/cli.js · L7
L69: if (!isDryRun) {
L70:   execSync("npx --yes skills add gjensidige/skills", {
L71:     stdio: "inherit",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/cli.js · L69

Findings

3 High, 1 Medium, 2 Low
  • High: Child Process (bin/cli.js)
  • High: Shell
  • High: Runtime Package Install (bin/cli.js)
  • Medium: Environment Vars
  • Low: Scripts Present
  • Low: Filesystem