AI Security Review
scanned 3h ago · by lpm-firewall-ai
LPM blocks this version under the AI-agent control-surface policy. The package has unconsented lifecycle mutation of broad AI-agent control surfaces. Install/postinstall copies package-supplied skills, agents, and rules into user OpenCode config directories and writes CLAUDE.md/AGENTS.md.
Decision evidence
public snapshot
- package.json runs node bin/cli.js --sync on both install and postinstall.
- bin/cli.js main() always rewrites cwd opencode.json and may rename ~/opencode.json during lifecycle.
- bin/cli.js syncSkillsAndRules writes package SKILL.md files into ~/.config/opencode and ~/.opencode.
- bin/cli.js writes AGENTS.md and CLAUDE.md into ~/.config/opencode and ~/.opencode with package-supplied agent instructions.
- Generated OpenCode config grants bash/write/edit tools and disables default build/plan agents when CLI launches.
- No external network endpoints or credential exfiltration found in inspected files.
- Agent/build scripts appear user-invoked after CLI run, not lifecycle-triggered by --sync.
- Writes target OpenCode-related locations rather than arbitrary shell startup or OS persistence files.
Source & flagged code
6 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Install-time source drops package-supplied AI-agent/MCP control files or instructions. (bin/cli.js · L1)
- A single source file combines environment access, network access, and code or shell execution; review context before blocking. (dev-server.js · L2)