registry  /  youmindag  /  1.0.4

youmindag@1.0.4

🧠 Inyecta inteligencia de contexto a cualquier proyecto. Una línea y tu AI coding tool entiende toda la arquitectura.

AI Security Review

scanned 6d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package is an explicit setup CLI for injecting project context files and an OpenCode plugin. It creates an agent extension that mutates future tool commands and contains a shell-injection risk through unescaped task text.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs npx youmindag, then OpenCode executes tools with the installed plugin active.
Impact
Can alter agent tool commands and may execute attacker-shaped shell syntax if hostile task text reaches the plugin.
Mechanism
explicit user-command AI-agent config mutation with unsafe execSync shell interpolation
Rationale
Source inspection shows explicit-user-command setup of a package-owned AI-agent extension, not unconsented lifecycle mutation or data theft. The unsafe execSync interpolation and command mutation justify warning rather than clean, but there is no concrete malicious payload chain to block publishing.
Evidence
package.jsonbin/run.mjstemplate/.opencode/opencode.jsontemplate/.opencode/plugins/context-loader.jstemplate/scripts/load-context.mjstemplate/AGENTS.mdboveda/**.opencode/**scripts/**AGENTS.mdAGENTS.md.bak.gitignore.graphify/graph.jsongraphify-visual/studio.html
Network endpoints1
github.com/CESARBR2025/youmindag.git

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Critical Vulnerability with medium false-positive risk.
Evidence for warning
  • bin/run.mjs explicitly copies template/.opencode into target project and overwrites AGENTS.md after backup
  • template/.opencode/opencode.json registers plugins/context-loader.js for OpenCode
  • context-loader.js hooks tool.execute.before and mutates output.args.command before tool execution
  • context-loader.js builds execSync shell command with unescaped user task inside double quotes
  • bin/run.mjs runs npm install @sentropic/graphify and several npx graphify commands in target project
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts
  • Activation is via user-invoked npx/bin, not automatic package install
  • No credential harvesting or outbound exfiltration endpoint found
  • Network activity is limited to npm/npx package-aligned Graphify install/use
  • Template scripts mainly read project docs/source metadata and write generated docs
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 18.7 KB of source

Source & flagged code

3 flagged · loading source
bin/run.mjsView file
•matchType = previous_version_dangerous_delta matchedPackage = youmindag@1.0.1 matchedIdentity = npm:eW91bWluZGFn:1.0.1 similarity = 0.750 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/run.mjsView on unpkg
8import { fileURLToPath } from 'url' L9: import { execSync } from 'child_process' L10:
High
Child Process

Package source references child process execution.

bin/run.mjsView on unpkg · L8
2// YouMindAG — Inyecta inteligencia de contexto a cualquier proyecto. L3: // Uso: npx youmindag L4: // Ejecutar DENTRO del directorio del proyecto destino. ... L8: import { fileURLToPath } from 'url' L9: import { execSync } from 'child_process' L10:
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/run.mjsView on unpkg · L2

Findings

1 Critical3 High2 Medium2 Low
CriticalPrevious Version Dangerous Deltabin/run.mjs
HighChild Processbin/run.mjs
HighShell
HighRuntime Package Installbin/run.mjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings