registry  /  youmindag  /  2.6.4

youmindag@2.6.4

🧠 Inyecta inteligencia de contexto a cualquier proyecto. Una línea y tu AI coding tool entiende toda la arquitectura.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package is an explicit project bootstrapper that installs a persistent OpenCode extension and helper scripts. Its plugin executes on OpenCode load and records project-local session/token metadata while injecting workflow guidance. No confirmed exfiltration or unconsented npm lifecycle execution is established.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `npx youmindag` in a project, then OpenCode loads the installed `.opencode` plugin.
Impact
Modifies agent configuration and project files; can execute local Graphify, database, tracing, and Git-hook workflows when their corresponding commands are invoked.
Mechanism
First-party AI-agent extension installation with local automation and project mutation.
Rationale
The package is not concretely malicious, but it installs and activates a persistent first-party AI-agent extension with broad project mutation and automation behavior. This warrants a warning rather than a block under the stated policy.
Evidence
package.jsonbin/run.mjstemplate/AGENTS.mdtemplate/.opencode/opencode.jsontemplate/.opencode/plugins/context-loader.jstemplate/scripts/export-schema.mjsAGENTS.mdAGENTS.md.bak.opencode/opencode.json.opencode/plugins/context-loader.js.opencode/context-map.yamlscripts/.youmindag/plugin-heartbeat.log.youmindag/token-usage.jsonl.youmindag/plugin-state.json.git/hooks/post-merge

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/run.mjs` default `npx youmindag` install copies and overwrites project `AGENTS.md`, `.opencode/`, and `scripts/`.
  • `template/.opencode/opencode.json` loads the bundled `context-loader.js` plugin and changes OpenCode agent permissions for `grep` and `glob`.
  • `template/.opencode/plugins/context-loader.js` runs automatically when loaded, writes project-local logs/state, reinjects rules, and invokes local `npx graphify` commands.
  • `bin/run.mjs` can install `@sentropic/graphify` and has explicit commands for database queries, process control, source tracing, and a post-merge Git hook.
Evidence against
  • `package.json` has no preinstall, install, postinstall, prepare, or other lifecycle script.
  • No `fetch`, HTTP client, curl/wget, WebSocket, or hard-coded runtime network endpoint appears in executable package source.
  • Environment-derived `DATABASE_URL` is used only by the explicit `youmindag db` command to connect to the target project's PostgreSQL database.
  • All observed writes and command execution are tied to an explicit CLI invocation or the first-party OpenCode extension; no credential exfiltration or destructive payload is present.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 14 file(s), 166 KB of source, external domains: xxx.supabase.co

Source & flagged code

3 flagged · loading source
bin/run.mjsView file
•matchType = previous_version_dangerous_delta matchedPackage = youmindag@2.2.1 matchedIdentity = npm:eW91bWluZGFn:2.2.1 similarity = 0.909 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/run.mjsView on unpkg
8import { fileURLToPath } from 'url' L9: import { execSync } from 'child_process' L10: import { spawn } from 'child_process'
High
Child Process

Package source references child process execution.

bin/run.mjsView on unpkg · L8
2// YouMindAG — Inyecta inteligencia de contexto a cualquier proyecto. L3: // Uso: npx youmindag L4: // Ejecutar DENTRO del directorio del proyecto destino. ... L8: import { fileURLToPath } from 'url' L9: import { execSync } from 'child_process' L10: import { spawn } from 'child_process'
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/run.mjsView on unpkg · L2

Findings

1 Critical3 High2 Medium3 Low
CriticalPrevious Version Dangerous Deltabin/run.mjs
HighChild Processbin/run.mjs
HighShell
HighRuntime Package Installbin/run.mjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings