AI Security Review
scanned 1h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The user-invoked CLI installs package-owned AI-agent configuration into the current project. Its OpenCode plugin writes local state/logs and runs local Graphify/checkpoint commands when that platform loads it. No install-time or remote attack chain was confirmed.
Decision evidence
public snapshot- `bin/run.mjs` default CLI copies `template/AGENTS.md` into the project.
- `bin/run.mjs` overwrites package-owned `.opencode` plugins, skills, and config.
- `template/.opencode/plugins/context-loader.js` persists `.youmindag` logs/state and reinjects workflow guidance.
- `lib/commands/sync.mjs` writes an explicit `--hook` post-merge hook.
- `package.json` defines no `preinstall`, `install`, or `postinstall` lifecycle hook.
- `bin/run.mjs` invokes `main()` only when run as the CLI.
- No source HTTP client, remote-payload loader, or credential-exfiltration path was found.
- Database and shell actions require explicit CLI subcommands.
Source & flagged code
3 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/run.mjsView on unpkgPackage source invokes a package manager install command at runtime.
bin/run.mjsView on unpkg · L2