AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a CLI/workbench that can explicitly generate project agent configs, MCP registration, hooks, docs, and a local database as its advertised function.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs opcflow init, gen-agents, install-hooks, serve, mcp, or related CLI commands.
Impact
Project files may be created or updated for opcflow workflow integration; no unconsented install-time mutation or exfiltration found.
Mechanism
Explicit user-command project scaffolding and workflow automation
Rationale
Source inspection shows potentially sensitive primitives are user-invoked and aligned with the package's documented AI-workflow scaffolding purpose. There is no install-time execution, credential harvesting, remote code loading, or unconsented broad AI-agent control-surface mutation.
Evidence
package.jsondist/cli.mjsREADME.en.mdweb/dist/assets/chunk-KEIR6QF5-BfrZ3jm6.jsworkbench.config.jsondocs/.workbench/.mcp.json.claude/settings.json.codex/config.tomlopencode.json.opencode/plugins/opcflow.ts.cursor/mcp.json.cursor/hooks.json.git/hooks/post-commit.git/hooks/prepare-commit-msg
Network endpoints2
models.dev/api.json127.0.0.1:5620
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
- dist/cli.mjs can write AI-agent MCP/hook config for Claude, Codex, OpenCode, and Cursor during explicit init/gen commands.
- dist/cli.mjs installs git hooks only via init when .git exists or explicit install-hooks command.
- dist/cli.mjs fetches https://models.dev/api.json during interactive init model selection.
Evidence against
- package.json has no preinstall/install/postinstall; only prepublishOnly build for publisher workflow.
- Agent/MCP/hook writes are documented package purpose in README.en.md and are activated by user CLI commands, not install/import.
- dist/cli.mjs child_process usage is package-aligned git/gh operations or generated local hook forwarding, not remote payload execution.
- No credential harvesting or exfiltration endpoint found; network is models.dev metadata and local serve/SSE.
- Scanner Unicode hit in web/dist/assets/chunk-KEIR6QF5-BfrZ3jm6.js appears bundled parser/whitespace handling, not Trojan Source control flow.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Source & flagged code
2 flagged · loading sourcedist/cli.mjsView file
19import { dirname, join, resolve } from "node:path";
L20: function findProjectRoot(from = process.cwd()) {
L21: let dir = resolve(from);
...
L31: if (!existsSync(file)) return { ...DEFAULTS };
L32: const raw = JSON.parse(
L33: readFileSync(file, "utf-8")
...
L348: IGNORE_DIRS = /* @__PURE__ */ new Set(["node_modules", ".git", "dist", "build", ".workbench"]);
L349: IGNORE_FILES = /* @__PURE__ */ new Set(["pnpm-lock.yaml", "package-lock.json", "yarn.lock", ".DS_Store", "Thumbs.db"]);
L350: }
...
L514: }),
L515: respondBlocked: (msg) => ({ exitCode: 2, stderr: msg }),
L516: formatModel: (_providerId, modelId) => modelId,
Low
web/dist/assets/chunk-KEIR6QF5-BfrZ3jm6.jsView file
46contains invisible/control Unicode U+FEFF (zero width no-break space)
\r \v \xA0 \u2028\u2029 <U+FEFF>`.split(``);function Da(e){let t=typeof e==`string`?new RegExp(e):e;return Ea.some(e=>t.test(e))}o(Da,`isWhitespace`);function Oa(e){return e.replace(/[.*+?^${}()|[\]\\]/g,`\\$&`)}o(Oa,`escapeReg
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
web/dist/assets/chunk-KEIR6QF5-BfrZ3jm6.jsView on unpkg · L46Findings
1 Critical4 Medium7 Low
CriticalTrojan Source Unicodeweb/dist/assets/chunk-KEIR6QF5-BfrZ3jm6.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/cli.mjs
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings