AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
Explicit execution of `bin/setup.js` by a user.
Impact
Can alter a user-selected OpenCode project if manually run; no confirmed malicious chain.
Mechanism
Runs npm install and writes OpenCode tool and memory paths.
Rationale
The package contains an explicit-user setup routine that targets an AI-agent project control surface and invokes npm at runtime, warranting a warning. Direct inspection found no automatic trigger or concrete malicious behavior.
Evidence
package.jsonbin/setup.js.opencode/tools/memory.ts.opencode/memory/data.toonsrc/memory.ts
Decision evidence
public snapshotAI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `bin/setup.js` can run `npm install @toon-format/toon` in the caller project.
- `bin/setup.js` writes under the OpenCode `.opencode` control surface.
- The setup script copies a tool into `.opencode/tools/memory.ts`.
Evidence against
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- No package file imports or invokes `bin/setup.js` automatically.
- No network URLs, credential reads, environment harvesting, or exfiltration appear in inspected files.
- The declared CLI entry `bin/toon-memory.js` is absent.
- The copied source `src/memory.ts` is absent, so setup cannot complete successfully.
Behavioral surface
ChildProcessFilesystemShell
Source & flagged code
2 flagged · loading sourcebin/setup.jsView file
4import { fileURLToPath } from "url"
L5: import { execSync } from "child_process"
L6:
High
18console.log("Installing @toon-format/toon...")
L19: execSync("npm install @toon-format/toon", { cwd: projectRoot, stdio: "inherit" })
L20: }
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
bin/setup.jsView on unpkg · L18Findings
3 High1 Low
HighChild Processbin/setup.js
HighShell
HighRuntime Package Installbin/setup.js
LowFilesystem