registry  /  youmindag  /  2.6.3

youmindag@2.6.3

🧠 Inyecta inteligencia de contexto a cualquier proyecto. Una línea y tu AI coding tool entiende toda la arquitectura.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Running `npx youmindag` modifies the current project by copying an OpenCode plugin/config, scripts, documentation, and `AGENTS.md`. The installed plugin activates automatically in OpenCode and modifies agent task/tool context while recording local session metadata. No confirmed exfiltration or remote payload execution was found.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit user execution of `npx youmindag`; the installed plugin then activates when OpenCode loads the target project's `.opencode` configuration.
Impact
Can constrain and influence OpenCode agent behavior in the project; writes local project files and may install a local Git post-merge hook only with `sync --hook`.
Mechanism
Explicit project-scoped AI-agent extension setup with context reinjection, local logging, and Graphify subprocess calls.
Rationale
No concrete malicious chain was found, but the package deliberately installs a project-scoped AI-agent control surface with automatic hook behavior. Per policy this warrants a warning rather than a block because activation follows explicit user CLI setup and the extension is package-owned.
Evidence
package.jsonbin/run.mjstemplate/.opencode/opencode.jsontemplate/.opencode/plugins/context-loader.jstemplate/AGENTS.mdAGENTS.mdAGENTS.md.bak.opencode/opencode.json.opencode/plugins/context-loader.js.opencode/skills/context-loader.yamlscripts/.youmindag/boveda/.git/hooks/post-merge

Decision evidence

public snapshot
AI called this Suspicious at 92.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `bin/run.mjs` explicitly installs a persistent `.opencode` configuration and plugin into the target project.
  • `template/.opencode/plugins/context-loader.js` runs on OpenCode chat/tool hooks, reinjects context, and logs message/tool metadata locally.
  • `bin/run.mjs` overwrites or backs up `AGENTS.md`, installs scripts, and can install a `post-merge` Git hook on explicit `sync --hook`.
  • `bin/run.mjs` invokes `npm install @sentropic/graphify` during the explicit default CLI install flow.
Evidence against
  • `package.json` has no preinstall, install, postinstall, prepare, or other lifecycle scripts.
  • No fixed network, webhook, credential-exfiltration, or remote-payload endpoint exists in inspected source.
  • `context-loader.js` writes only project-local `.youmindag` state/log files and calls local `graphify`/checkpoint commands.
  • Destructive operations and dev/database commands are explicit subcommands, not import-time behavior.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 14 file(s), 165 KB of source, external domains: xxx.supabase.co

Source & flagged code

3 flagged · loading source
bin/run.mjsView file
•matchType = previous_version_dangerous_delta matchedPackage = youmindag@2.2.1 matchedIdentity = npm:eW91bWluZGFn:2.2.1 similarity = 0.909 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/run.mjsView on unpkg
8import { fileURLToPath } from 'url' L9: import { execSync } from 'child_process' L10: import { spawn } from 'child_process'
High
Child Process

Package source references child process execution.

bin/run.mjsView on unpkg · L8
2// YouMindAG — Inyecta inteligencia de contexto a cualquier proyecto. L3: // Uso: npx youmindag L4: // Ejecutar DENTRO del directorio del proyecto destino. ... L8: import { fileURLToPath } from 'url' L9: import { execSync } from 'child_process' L10: import { spawn } from 'child_process'
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/run.mjsView on unpkg · L2

Findings

1 Critical3 High2 Medium3 Low
CriticalPrevious Version Dangerous Deltabin/run.mjs
HighChild Processbin/run.mjs
HighShell
HighRuntime Package Installbin/run.mjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings