AI Security Review
scanned 5h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package performs first-party OpenCode agent extension setup during npm postinstall. This is a lifecycle risk because agent profiles are dropped into the user's home config area, but they are package-owned and not automatically registered into OpenCode.
Decision evidence
public snapshot- package.json defines postinstall and preuninstall lifecycle scripts.
- scripts/install.js automatically copies bundled agents/ into ~/.config/opencode/agents/swe-pro-agents/.
- scripts/uninstall.js removes ~/.config/opencode/agents/swe-pro-agents/ on uninstall.
- agents/*.md are AI agent profiles with tool permissions, including some webfetch/websearch/edit allowances.
- No network code, fetch, curl/wget, or dependency download found in executable JS.
- No child_process, eval, Function, native binary, or dynamic remote loading found.
- Install script does not edit opencode.json or AGENTS.md; it only prints registration instructions.
- CLI only prints setup/status/version/help and reads opencode.json for status.
- Agent files appear package-aligned role prompts, not credential harvesters or reviewer prompt injection.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
bin/swe-pro-agents.jsView on unpkg · L12Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install.jsView on unpkg · L6