AI Security Review
scanned 3h ago · by lpm-firewall-ai
LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface is present. The package is a user-invoked OpenCode setup CLI that installs agent skills and can invoke npx for organization skills.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs `opencode-setup`, optionally selecting all skills or organization skill installation.
Impact
Can modify user AI-agent skill/config surfaces and guide token/MCP setup, but not through npm lifecycle execution or hidden persistence.
Mechanism
interactive AI skill installer with optional npx package fetch
Rationale
Source inspection shows agent-control-surface writes and MCP setup guidance, but they are exposed through an explicit, package-aligned CLI rather than unconsented lifecycle execution. Residual risk is warning-level agent extension capability, not confirmed malware.
Evidence
- package.json
- bin/cli.js
- skills/install-mcp/SKILL.md
- skills/onboarding/SKILL.md
- skills/github-setup/SKILL.md
- skills/piwik-analytics/SKILL.md
- ~/.agents/skills
- ~/.npmrc
- ~/.config/opencode/opencode.jsonc
- ~/.config/opencode/onboarding-progress.json
- ~/.zshrc
Network endpoints (7)
- npm.pkg.github.com
- github.com
- id.atlassian.com
- figma.com
- gjensidige.piwik.pro
- astral.sh
- opencode.ai
Decision evidence
public snapshot
AI called this Suspicious at 87.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- bin/cli.js copies bundled skill directories into `~/.agents/skills`, a broad AI-agent skills surface.
- bin/cli.js can run `npx --yes skills add gjensidige/skills` via execSync after checking `~/.npmrc`.
- skills/install-mcp/SKILL.md instructs OpenCode to modify `~/.config/opencode/opencode.jsonc` with MCP servers and tokens.
- skills/onboarding/SKILL.md instructs reading/writing `~/.config/opencode/onboarding-progress.json` and coordinating MCP setup.
Evidence against
- package.json has no preinstall/install/postinstall lifecycle scripts; activation is explicit bin `opencode-setup`.
- bin/cli.js is interactive unless `--all` is explicitly supplied and supports `--dry-run`.
- No credential exfiltration found; `.npmrc` is read only for substring checks.
- No obfuscation, eval/vm, native binary loading, or hidden import-time execution found.
- Bundled skills are OpenCode setup/onboarding content aligned with the package purpose.
Behavioral surface
- ChildProcess
- EnvironmentVars
- Filesystem
- Shell
Source & flagged code
2 flagged · bin/cli.js

bin/cli.js, lines 7-9:
```js
import { createInterface } from "readline";
import { execSync } from "child_process";
```
High

bin/cli.js, lines 69-71:
```js
if (!isDryRun) {
  execSync("npx --yes skills add gjensidige/skills", {
    stdio: "inherit",
```
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
bin/cli.js · L69
Findings
3 High · 1 Medium · 2 Low
- High: Child Process (bin/cli.js)
- High: Shell
- High: Runtime Package Install (bin/cli.js)
- Medium: Environment Vars
- Low: Scripts Present
- Low: Filesystem