registry  /  youmindag  /  2.9.0

youmindag@2.9.0

🧠 Inyecta inteligencia de contexto a cualquier proyecto. Una línea y tu AI coding tool entiende toda la arquitectura.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `npx youmindag` in a project; later, OpenCode loads the copied plugin.
Impact
Can alter agent guidance, log local prompt/tool metadata, and cause later Graphify/helper command execution within the opted-in project.
Mechanism
Explicit project-local AI-agent configuration injection with local tool-event hooks.
Rationale
Source inspection confirms an explicit user-command agent-extension setup, not malware or unconsented lifecycle mutation. Warn so users understand the agent-control and local-command behavior.
Evidence
package.jsonbin/run.mjstemplate/.opencode/opencode.jsontemplate/.opencode/plugins/context-loader.jstemplate/AGENTS.mdAGENTS.mdAGENTS.md.bak.opencode/opencode.json.opencode/plugins/context-loader.js.opencode/skills/context-loader.yaml.opencode/context-map.yaml.youmindag/plugin-heartbeat.log.youmindag/token-usage.jsonl.youmindag/plugin-state.jsonscripts/session-checkpoint.mjs

Decision evidence

public snapshot
AI called this Suspicious at 92.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/run.mjs` default `npx youmindag` path overwrites project `AGENTS.md` and copies `.opencode/` configuration, plugins, and skills.
  • `template/.opencode/opencode.json` activates `plugins/context-loader.js` in the target project.
  • `context-loader.js` runs later in OpenCode, logs local task/tool metadata, rewrites bash commands with `echo` prefixes, and conditionally runs local `npx graphify` and checkpoint scripts.
  • `bin/run.mjs` installs `@sentropic/graphify` and invokes Graphify through npm/npx after explicit CLI use.
Evidence against
  • `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle hook.
  • No source network client or hard-coded exfiltration endpoint was found; URLs are metadata/schema references.
  • File access targets the current project and local `.youmindag` state, not home-directory credentials or broad system paths.
  • No eval, remote payload download, stealth persistence, or destructive cleanup chain was found.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 28 file(s), 174 KB of source, external domains: xxx.supabase.co

Source & flagged code

3 flagged · loading source
bin/run.mjsView file
•matchType = previous_version_dangerous_delta matchedPackage = youmindag@2.6.4 matchedIdentity = npm:eW91bWluZGFn:2.6.4 similarity = 0.929 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/run.mjsView on unpkg
8import { existsSync, readFileSync, writeFileSync, mkdirSync, copyFileSync, readdirSync, statSync, appendFileSync, openSync, closeSync, rmSync, watch } from 'fs' L9: import { execSync } from 'child_process' L10: import { spawn } from 'child_process'
High
Child Process

Package source references child process execution.

bin/run.mjsView on unpkg · L8
2// YouMindAG — Inyecta inteligencia de contexto a cualquier proyecto. L3: // Uso: npx youmindag L4: // Ejecutar DENTRO del directorio del proyecto destino. ... L8: import { existsSync, readFileSync, writeFileSync, mkdirSync, copyFileSync, readdirSync, statSync, appendFileSync, openSync, closeSync, rmSync, watch } from 'fs' L9: import { execSync } from 'child_process' L10: import { spawn } from 'child_process'
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/run.mjsView on unpkg · L2

Findings

1 Critical3 High2 Medium4 Low
CriticalPrevious Version Dangerous Deltabin/run.mjs
HighChild Processbin/run.mjs
HighShell
HighRuntime Package Installbin/run.mjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings