AI Security Review
scanned 1d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is an explicit project bootstrapper that installs a persistent OpenCode extension and helper scripts. Its plugin executes on OpenCode load and records project-local session/token metadata while injecting workflow guidance. No confirmed exfiltration or unconsented npm lifecycle execution is established.
Decision evidence
public snapshot- `bin/run.mjs` default `npx youmindag` install copies and overwrites project `AGENTS.md`, `.opencode/`, and `scripts/`.
- `template/.opencode/opencode.json` loads the bundled `context-loader.js` plugin and changes OpenCode agent permissions for `grep` and `glob`.
- `template/.opencode/plugins/context-loader.js` runs automatically when loaded, writes project-local logs/state, reinjects rules, and invokes local `npx graphify` commands.
- `bin/run.mjs` can install `@sentropic/graphify` and has explicit commands for database queries, process control, source tracing, and a post-merge Git hook.
- `package.json` has no preinstall, install, postinstall, prepare, or other lifecycle script.
- No `fetch`, HTTP client, curl/wget, WebSocket, or hard-coded runtime network endpoint appears in executable package source.
- Environment-derived `DATABASE_URL` is used only by the explicit `youmindag db` command to connect to the target project's PostgreSQL database.
- All observed writes and command execution are tied to an explicit CLI invocation or the first-party OpenCode extension; no credential exfiltration or destructive payload is present.
Source & flagged code
3 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/run.mjsView on unpkgPackage source invokes a package manager install command at runtime.
bin/run.mjsView on unpkg · L2