AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The user-invoked CLI installs a project-local OpenCode extension and modifies project context files. The extension persists local session/tool metadata and executes local Graphify/checkpoint commands during OpenCode use; no outbound exfiltration was confirmed.
Decision evidence
public snapshot- `bin/run.mjs` explicitly copies a managed `.opencode/` configuration, plugin, and skill into the invoked project.
- `template/.opencode/opencode.json` loads `./plugins/context-loader.js`; the copied plugin auto-runs in OpenCode sessions.
- `template/.opencode/plugins/context-loader.js` records user-message previews, tool metadata, checkpoints, and state under `.youmindag/`.
- The plugin runs local `npx graphify` and checkpoint commands during agent-tool events.
- `package.json` has only `prepublishOnly`; there are no install-time lifecycle hooks.
- No fetch/client/network-exfiltration API or external upload endpoint was found in reviewed source.
- Writes are rooted in the explicitly invoked project directory and align with the package's context-tool purpose.
- Runtime package installation targets the named `@sentropic/graphify` dependency after explicit CLI invocation.
Source & flagged code
3 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/run.mjsView on unpkgPackage source invokes a package manager install command at runtime.
bin/run.mjsView on unpkg · L2