registry  /  youmindag  /  2.9.2

youmindag@2.9.2

🧠 Inyecta inteligencia de contexto a cualquier proyecto. Una línea y tu AI coding tool entiende toda la arquitectura.

AI Security Review

scanned 1h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The user-invoked CLI installs package-owned AI-agent configuration into the current project. Its OpenCode plugin writes local state/logs and runs local Graphify/checkpoint commands when that platform loads it. No install-time or remote attack chain was confirmed.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `npx youmindag`; plugin behavior later triggers when OpenCode loads `.opencode/opencode.json`.
Impact
Mutates the target project's AI-agent control surface and creates local `.youmindag` persistence/log files.
Mechanism
First-party agent extension setup with local prompt reinjection and command orchestration.
Rationale
This is a disclosed but meaningful first-party AI-agent extension setup that changes a project's agent control surface. It warrants a warning, not a malware block, because all mutations require explicit CLI use and no concrete malicious chain was found.
Evidence
package.jsonbin/run.mjstemplate/AGENTS.mdtemplate/.opencode/opencode.jsontemplate/.opencode/plugins/context-loader.jslib/commands/sync.mjsAGENTS.mdAGENTS.md.bak.opencode/.youmindag/.git/hooks/post-merge

Decision evidence

public snapshot
AI called this Suspicious at 83.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/run.mjs` default CLI copies `template/AGENTS.md` into the project.
  • `bin/run.mjs` overwrites package-owned `.opencode` plugins, skills, and config.
  • `template/.opencode/plugins/context-loader.js` persists `.youmindag` logs/state and reinjects workflow guidance.
  • `lib/commands/sync.mjs` writes an explicit `--hook` post-merge hook.
Evidence against
  • `package.json` defines no `preinstall`, `install`, or `postinstall` lifecycle hook.
  • `bin/run.mjs` invokes `main()` only when run as the CLI.
  • No source HTTP client, remote-payload loader, or credential-exfiltration path was found.
  • Database and shell actions require explicit CLI subcommands.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 28 file(s), 175 KB of source, external domains: xxx.supabase.co

Source & flagged code

3 flagged · loading source
bin/run.mjsView file
•matchType = previous_version_dangerous_delta matchedPackage = youmindag@2.9.0 matchedIdentity = npm:eW91bWluZGFn:2.9.0 similarity = 0.607 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/run.mjsView on unpkg
8import { existsSync, readFileSync, writeFileSync, mkdirSync, copyFileSync, readdirSync, statSync, appendFileSync, openSync, closeSync, rmSync, watch } from 'fs' L9: import { execSync } from 'child_process' L10: import { spawn } from 'child_process'
High
Child Process

Package source references child process execution.

bin/run.mjsView on unpkg · L8
2// YouMindAG — Inyecta inteligencia de contexto a cualquier proyecto. L3: // Uso: npx youmindag L4: // Ejecutar DENTRO del directorio del proyecto destino. ... L8: import { existsSync, readFileSync, writeFileSync, mkdirSync, copyFileSync, readdirSync, statSync, appendFileSync, openSync, closeSync, rmSync, watch } from 'fs' L9: import { execSync } from 'child_process' L10: import { spawn } from 'child_process'
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/run.mjsView on unpkg · L2

Findings

1 Critical3 High2 Medium4 Low
CriticalPrevious Version Dangerous Deltabin/run.mjs
HighChild Processbin/run.mjs
HighShell
HighRuntime Package Installbin/run.mjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings