scaffold-hooks
Audited by Socket on Jun 22, 2026
2 alerts found:
Anomaly (x2)

This fragment is primarily a multi-agent hook configuration that enforces gating semantics and (for OpenCode and Copilot) conditionally executes repo-owned shell scripts via bash at specific agent lifecycle events. No direct malicious behavior (network calls, credential theft, obfuscated payloads, or exfiltration code) is present in the fragment itself; however, it creates a powerful supply-chain execution pathway dependent on repository script contents and environment-influenced paths (OPENCODE_PROJECT_DIR). To determine true maliciousness, the contents of the referenced scripts must be reviewed and verified for integrity and safety.
This file is not a standalone malware payload; it is a privileged orchestration wrapper that (1) dynamically sources harness-selected code based on AGENT_HOOK_HARNESS and (2) executes script/command actions defined by harness adapter JSON through helper functions. The primary supply-chain/security risk is indirect: if the harness environment variable or the referenced adapter JSON/libs can be tampered with, the wrapper will execute attacker-controlled code/commands. With the rest of the framework assumed trustworthy and inputs locked down, the direct malicious likelihood from this fragment alone is low, but the security posture remains meaningfully sensitive due to delegation of high-impact execution.