AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package mutates OpenCode's AI-agent control surface during npm postinstall. Agents are copied to a package-named directory, but skills are installed into the shared global skills directory using generic names.
Decision evidence
public snapshot- package.json runs postinstall: node scripts/install.js.
- scripts/install.js automatically copies agents to ~/.config/opencode/agents/swe-pro-agents/.
- scripts/install.js automatically copies unprefixed skills into shared ~/.config/opencode/skills/.
- Skill names like reviewer, testing, planner, repository are generic and may overwrite/control broad OpenCode behavior.
- preuninstall removes only ~/.config/opencode/agents/swe-pro-agents, leaving copied skills behind.
- No package code found for credential harvesting, exfiltration, eval/vm, child_process, or runtime network calls.
- CLI only prints setup/status/version/help and reads opencode.json for status.
- Agent/skill prompts appear package-aligned software-engineering roles, not covert data theft instructions.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
bin/swe-pro-agents.jsView on unpkg · L12Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install.jsView on unpkg · L5