registry  /  youmindag  /  2.9.4

youmindag@2.9.4

🧠 Inyecta inteligencia de contexto a cualquier proyecto. Una línea y tu AI coding tool entiende toda la arquitectura.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The user-invoked CLI installs a project-local OpenCode extension and modifies project context files. The extension persists local session/tool metadata and executes local Graphify/checkpoint commands during OpenCode use; no outbound exfiltration was confirmed.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Running `npx youmindag` in a project, then using OpenCode in that project.
Impact
Alters AI-agent configuration and retains local prompt/tool metadata under the project.
Mechanism
Project-local OpenCode plugin installation with local telemetry and command execution.
Rationale
Source inspection does not support a malicious/block verdict. The explicit CLI installs a first-party project-local AI-agent extension that logs session-related metadata, so it warrants a warning under the extension-lifecycle policy.
Evidence
package.jsonbin/run.mjslib/graphify.mjstemplate/.opencode/opencode.jsontemplate/.opencode/plugins/context-loader.jstemplate/scripts/session-checkpoint.mjsAGENTS.mdAGENTS.md.bak.opencode/opencode.json.opencode/plugins/context-loader.js.opencode/skills/context-loader.yaml.youmindag/plugin-heartbeat.log.youmindag/token-usage.jsonl.youmindag/plugin-state.jsonscripts/session-checkpoint.mjs

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/run.mjs` explicitly copies a managed `.opencode/` configuration, plugin, and skill into the invoked project.
  • `template/.opencode/opencode.json` loads `./plugins/context-loader.js`; the copied plugin auto-runs in OpenCode sessions.
  • `template/.opencode/plugins/context-loader.js` records user-message previews, tool metadata, checkpoints, and state under `.youmindag/`.
  • The plugin runs local `npx graphify` and checkpoint commands during agent-tool events.
Evidence against
  • `package.json` has only `prepublishOnly`; there are no install-time lifecycle hooks.
  • No fetch/client/network-exfiltration API or external upload endpoint was found in reviewed source.
  • Writes are rooted in the explicitly invoked project directory and align with the package's context-tool purpose.
  • Runtime package installation targets the named `@sentropic/graphify` dependency after explicit CLI invocation.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 28 file(s), 175 KB of source, external domains: xxx.supabase.co

Source & flagged code

3 flagged · loading source
bin/run.mjsView file
•matchType = previous_version_dangerous_delta matchedPackage = youmindag@2.9.2 matchedIdentity = npm:eW91bWluZGFn:2.9.2 similarity = 0.964 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/run.mjsView on unpkg
8import { existsSync, readFileSync, writeFileSync, mkdirSync, copyFileSync, readdirSync, statSync, appendFileSync, openSync, closeSync, rmSync, watch, realpathSync } from 'fs' L9: import { execSync } from 'child_process' L10: import { spawn } from 'child_process'
High
Child Process

Package source references child process execution.

bin/run.mjsView on unpkg · L8
2// YouMindAG — Inyecta inteligencia de contexto a cualquier proyecto. L3: // Uso: npx youmindag L4: // Ejecutar DENTRO del directorio del proyecto destino. ... L8: import { existsSync, readFileSync, writeFileSync, mkdirSync, copyFileSync, readdirSync, statSync, appendFileSync, openSync, closeSync, rmSync, watch, realpathSync } from 'fs' L9: import { execSync } from 'child_process' L10: import { spawn } from 'child_process'
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/run.mjsView on unpkg · L2

Findings

1 Critical3 High2 Medium5 Low
CriticalPrevious Version Dangerous Deltabin/run.mjs
HighChild Processbin/run.mjs
HighShell
HighRuntime Package Installbin/run.mjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings