registry  /  youmindag  /  1.0.1

youmindag@1.0.1

🧠 Inyecta inteligencia de contexto a cualquier proyecto. Una línea y tu AI coding tool entiende toda la arquitectura.

AI Security Review

scanned 6d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package is an explicit project setup CLI that installs AI-agent context files and an OpenCode plugin. The concrete risk is a shell-injection bug in the installed plugin because future user task text is interpolated into execSync.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs npx youmindag, then OpenCode executes the installed plugin on later tool events.
Impact
Potential command execution in the target project if attacker-controlled task text reaches the plugin; otherwise project context files and Graphify artifacts are created/updated.
Mechanism
explicit AI-agent extension setup with unsafe shell interpolation
Rationale
Source inspection does not support a malicious verdict because there are no lifecycle hooks, hidden exfiltration, destructive actions, or remote payload execution. The package should warn because it explicitly mutates an AI-agent control surface and ships a real command-injection vulnerability in the installed plugin.
Evidence
package.jsonbin/run.mjstemplate/.opencode/opencode.jsontemplate/.opencode/plugins/context-loader.jstemplate/scripts/load-context.mjstemplate/scripts/export-schema.mjsREADME.mdboveda/.opencode/scripts/AGENTS.mdAGENTS.md.bak.gitignorenode_modules/@sentropic/graphify.graphify/graphify-visual/studio.htmlboveda/📦 Datos/Esquema BD.md

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Critical Vulnerability with medium false-positive risk.
Evidence for warning
  • bin/run.mjs copies template/.opencode into the caller project and overwrites AGENTS.md after backing it up.
  • template/.opencode/opencode.json registers .opencode/plugins/context-loader.js as an OpenCode plugin.
  • template/.opencode/plugins/context-loader.js runs execSync(`node "${LOADER_SCRIPT}" "${task}"`) with user task text interpolated into a shell command.
  • bin/run.mjs executes runtime commands: npm install @sentropic/graphify and npx graphify detect/update/studio export.
  • template/scripts/export-schema.mjs reads process.env.DATABASE_URL and queries local PostgreSQL information_schema when user-run.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks; behavior is activated by the bin command npx youmindag.
  • No source shows credential exfiltration, destructive deletion, persistence outside the target project, or remote payload download.
  • Network behavior is package-aligned dependency/tool use around @sentropic/graphify rather than a hidden endpoint.
  • README.md openly describes injecting .opencode, scripts, AGENTS.md, and installing Graphify.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 18.7 KB of source

Source & flagged code

3 flagged · loading source
bin/run.mjsView file
•matchType = previous_version_dangerous_delta matchedPackage = youmindag@1.0.0 matchedIdentity = npm:eW91bWluZGFn:1.0.0 similarity = 0.750 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/run.mjsView on unpkg
8import { fileURLToPath } from 'url' L9: import { execSync } from 'child_process' L10:
High
Child Process

Package source references child process execution.

bin/run.mjsView on unpkg · L8
2// YouMindAG — Inyecta inteligencia de contexto a cualquier proyecto. L3: // Uso: npx youmindag L4: // Ejecutar DENTRO del directorio del proyecto destino. ... L8: import { fileURLToPath } from 'url' L9: import { execSync } from 'child_process' L10:
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/run.mjsView on unpkg · L2

Findings

1 Critical3 High2 Medium2 Low
CriticalPrevious Version Dangerous Deltabin/run.mjs
HighChild Processbin/run.mjs
HighShell
HighRuntime Package Installbin/run.mjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings