registry  /  toon-memory  /  1.0.5

toon-memory@1.0.5

Persistent memory system for OpenCode AI agent using TOON format (40% fewer tokens than JSON)

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
Explicit execution of `bin/setup.js` by a user.
Impact
Can alter a user-selected OpenCode project if manually run; no confirmed malicious chain.
Mechanism
Runs npm install and writes OpenCode tool and memory paths.
Rationale
The package contains an explicit-user setup routine that targets an AI-agent project control surface and invokes npm at runtime, warranting a warning. Direct inspection found no automatic trigger or concrete malicious behavior.
Evidence
package.jsonbin/setup.js.opencode/tools/memory.ts.opencode/memory/data.toonsrc/memory.ts

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/setup.js` can run `npm install @toon-format/toon` in the caller project.
  • `bin/setup.js` writes under the OpenCode `.opencode` control surface.
  • The setup script copies a tool into `.opencode/tools/memory.ts`.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • No package file imports or invokes `bin/setup.js` automatically.
  • No network URLs, credential reads, environment harvesting, or exfiltration appear in inspected files.
  • The declared CLI entry `bin/toon-memory.js` is absent.
  • The copied source `src/memory.ts` is absent, so setup cannot complete successfully.
Behavioral surface
Source
ChildProcessFilesystemShell
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 1.32 KB of source

Source & flagged code

2 flagged · loading source
bin/setup.jsView file
4import { fileURLToPath } from "url" L5: import { execSync } from "child_process" L6:
High
Child Process

Package source references child process execution.

bin/setup.jsView on unpkg · L4
18console.log("Installing @toon-format/toon...") L19: execSync("npm install @toon-format/toon", { cwd: projectRoot, stdio: "inherit" }) L20: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/setup.jsView on unpkg · L18

Findings

3 High1 Low
HighChild Processbin/setup.js
HighShell
HighRuntime Package Installbin/setup.js
LowFilesystem