# opencode-ai@0.0.0-beta-202605242105 — Threat Briefing

High risk — threat briefing for npm package opencode-ai@0.0.0-beta-202605242105. Capabilities, risk paths, and what to check.

- **Ecosystem:** npm
- **Latest version:** 1.15.10
- **License:** MIT

## Risk

- **Level:** high
- **Summary:** Version published less than 24 hours ago — scanner results may be incomplete

## Capability Summary

| Capability | Level |
|---|---|
| install scripts | Postinstall |
| network access | none |
| filesystem | both |
| shell execution | exec |

## Capabilities

### Other

- Filesystem read from package directory (info-only) [common]
- Filesystem write to system directory [common]
- Filesystem write to temp directory [common]
- Platform / architecture detection (info-only) [common]
- Unexpected native binary in source [common]

### Filesystem

- Filesystem read [common]
- Filesystem write [unusual]

### System

- OS information gathering [common]

## Key Signals

- ****
- ****
- ****
- ****

## Maintainer


## Recommended Action

Review before installing in sensitive environments.