AI Security Review
scanned 7h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package installs OpenCode agent profile files into a package-owned config directory at npm postinstall time. This is agent extension setup, but inspection did not show automatic activation, config hijacking, exfiltration, or remote payload execution.
Decision evidence
public snapshot- package.json defines postinstall: node scripts/install.js and preuninstall: node scripts/uninstall.js
- scripts/install.js copies agents/ into ~/.config/opencode/agents/swe-pro-agents during install
- agent markdown files are AI-agent control profiles with tool permissions such as edit/webfetch/websearch/bash ask/allow
- scripts/uninstall.js removes ~/.config/opencode/agents/swe-pro-agents on uninstall
- Install script writes only under package-owned opencode agents subdirectory, not opencode.json or AGENTS.md
- CLI setup prints configuration snippets but does not mutate opencode.json or AGENTS.md
- bin/swe-pro-agents.js status only reads opencode.json to check whether package path is referenced
- No child_process, eval, dynamic remote loading, credential harvesting, or exfiltration endpoints found
- README documents the same install location and manual user configuration step
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
bin/swe-pro-agents.jsView on unpkg · L12Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install.jsView on unpkg · L6