registry  /  swe-pro-agents  /  1.1.1

swe-pro-agents@1.1.1

49 specialized OpenCode subagent profiles — SWE roles, research, architecture, and code analysis agents

AI Security Review

scanned 5h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package performs first-party OpenCode agent extension setup during npm postinstall. This is a lifecycle risk because agent profiles are dropped into the user's home config area, but they are package-owned and not automatically registered into OpenCode.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install or npm uninstall; explicit swe-pro-agents CLI commands
Impact
Adds package-supplied agent profiles locally; activation still requires user registration in opencode.json or AGENTS.md.
Mechanism
postinstall copies bundled markdown agent profiles to an OpenCode agents directory
Rationale
This matches a first-party package-owned agent extension setup risk, not confirmed malicious control hijacking: install-time file writes occur, but they are limited to the package's OpenCode agent directory and require manual activation. No concrete malicious behavior was found in inspected source.
Evidence
package.jsonscripts/install.jsscripts/uninstall.jsbin/swe-pro-agents.jsagents/swe-frontend.mdagents/web-researcher.mdagents/*.md~/.config/opencode/agents/swe-pro-agents/~/.config/opencode/opencode.json

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall and preuninstall lifecycle scripts.
  • scripts/install.js automatically copies bundled agents/ into ~/.config/opencode/agents/swe-pro-agents/.
  • scripts/uninstall.js removes ~/.config/opencode/agents/swe-pro-agents/ on uninstall.
  • agents/*.md are AI agent profiles with tool permissions, including some webfetch/websearch/edit allowances.
Evidence against
  • No network code, fetch, curl/wget, or dependency download found in executable JS.
  • No child_process, eval, Function, native binary, or dynamic remote loading found.
  • Install script does not edit opencode.json or AGENTS.md; it only prints registration instructions.
  • CLI only prints setup/status/version/help and reads opencode.json for status.
  • Agent files appear package-aligned role prompts, not credential harvesters or reviewer prompt injection.
Behavioral surface
Source
DynamicRequireFilesystem
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 6.21 KB of source

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/swe-pro-agents.jsView file
12L13: const fs = require('fs'); L14: const path = require('path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/swe-pro-agents.jsView on unpkg · L12
scripts/install.jsView file
6Install-time AI-agent control hijack evidence: L6: * Runs automatically after `npm install -g swe-pro-agents`. L7: * User still needs to add the path to their opencode.json or AGENTS.md once. L8: */ ... L22: function copyRecursive(src, dest) { L23: fs.mkdirSync(dest, { recursive: true }); L24: ... L34: } else { L35: fs.copyFileSync(srcPath, destPath); L36: count++; ... L55: console.log(); L56: console.log(` Next step: add this path to your opencode.json or AGENTS.md:`); L57: console.log(` { "agents": [{ "path": "${TARGET_DIR.replace(/\\/g, '\\\\')}" }] }`); Payload evidence from bin/swe-pro-agents.js: L17: const PACKAGE_NAME = 'swe-pro-agents'; L18: const AGENTS_DIR = path.join(__dirname, '..', 'agents'); L19: const TARGET_DIR = path.join(os.homedir(), '.config', 'opencode', 'agents', PACKAGE_NAME); L20: L21: const pkg = require(path.join(__dirname, '..', 'package.json')); L22: ... L60: const raw = fs.readFileSync(opencodeConfigPath, 'utf-8').replace(/^\uFEFF/, ''); L61: const config = JSON.parse(raw); L62: const agents = config.agents || [];
Critical
Ai Agent Control Hijack

Install-time source drops package-supplied AI-agent/MCP control files or instructions.

scripts/install.jsView on unpkg · L6

Findings

1 Critical1 High3 Medium4 Low
CriticalAi Agent Control Hijackscripts/install.js
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirebin/swe-pro-agents.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings