AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The user-invoked `opcflow init` command can configure project-local AI-agent MCP servers and tool hooks. Generated hooks execute `opcflow hook` during supported agent tool events; no npm install-time activation or data exfiltration was confirmed.
Decision evidence
public snapshot- `dist/cli.mjs` `init` writes MCP and hook configs for AI-agent platforms.
- `dist/cli.mjs` writes `.claude/settings.json`, `.codex/config.toml`, `.cursor/hooks.json`, and `.opencode/plugins/opcflow.ts`.
- Generated OpenCode plugin spawns configured `opcflow hook` commands on tool events.
- `install-hooks` explicitly writes Git `post-commit` and optional `prepare-commit-msg` hooks.
- `fetchProviders` requests `https://models.dev/api.json` during interactive initialization.
- `package.json` has only `prepublishOnly`; consumers receive no install-time lifecycle execution.
- CLI entrypoint dispatches mutations only after explicit commands such as `init` or `install-hooks`.
- Subprocess calls inspect Git state or invoke explicit GitHub CLI issue commands; no arbitrary remote payload runner found.
- No credential harvesting, secret-file collection, or outbound exfiltration path was found.
- The flagged Unicode is in a large bundled web dependency asset; inspection found no package-specific hidden control-flow attack.
Source & flagged code
2 flagged · loading sourceSource contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
web/dist/assets/chunk-KEIR6QF5-BfrZ3jm6.jsView on unpkg · L46