AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package mutates OpenCode's global agent/plugin control surface automatically during npm postinstall. It registers itself, injects AGENTS.md instructions, and copies executable plugin code into the user's OpenCode plugin directory without a separate user command.
Decision evidence
public snapshot- package.json defines postinstall: node ./scripts/postinstall.mjs
- scripts/postinstall.mjs writes ~/.config/opencode/opencode.json during npm install
- scripts/postinstall.mjs appends/creates ~/.config/opencode/AGENTS.md with package instructions
- scripts/postinstall.mjs copies package dist into ~/.config/opencode/plugins/skill-finder
- dist/registry/adapters/agentskillsh-adapter.js can run npx @agentskill.sh/cli@latest setup on explicit install tool use
- No credential harvesting or environment secret enumeration found
- No install-time network fetch or remote payload execution in scripts/postinstall.mjs
- Runtime fetch endpoints are skill marketplace APIs aligned with package purpose
- Child_process use appears limited to user-invoked skill installation adapters
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/registry/adapters/agentskillsh-adapter.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/registry/adapters/agentskillsh-adapter.jsView on unpkg · L1Package source references a known benign dynamic code generation pattern.
dist/validation/security-auditor.test.jsView on unpkg · L57Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.mjsView on unpkg · L2