registry  /  @defend-tech/opencode-optima  /  0.1.107

@defend-tech/opencode-optima@0.1.107

> Don't just code with AI. Build enterprise-grade software.

AI Security Review

scanned 6d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a broad OpenCode workflow plugin that writes Optima agent/config artifacts and talks to configured ClickUp, GitHub, local OpenCode, and QA browser endpoints during explicit plugin/tool use.

Static reason
One or more suspicious static signals were detected.
Trigger
User adds the plugin to OpenCode config, invokes Optima tools, enables integrations, or runs optima-sanitize-host.
Impact
Expected project/config changes and configured external API calls; no evidence of covert install-time execution, credential exfiltration, persistence, or destructive behavior.
Mechanism
User-configured workflow automation plugin with repository scaffolding, agent prompt generation, webhook handling, API clients, QA browser helpers, and sanitizer CLI.
Rationale
Static inspection found powerful automation primitives, but they are documented, user-invoked, and aligned with the package's OpenCode workflow/integration purpose. There is no lifecycle execution, unrelated data harvesting, covert exfiltration, staged payload, or unconsented install-time AI-agent control mutation.
Evidence
package.jsonREADME.mddocs/setup/CONFIGURATION.mddist/index.jsdist/sanitize_cli.jsscripts/optima-sanitize-host.js.optima/.config/optima.yaml.optima/agents/*.md.optima/agent-additions/*.md.optima/policies/*.md.optima/.config/generated/agents/*.md.optima/.config/generated/policies/*.mdOPENCODE_CONFIG_DIR/agents/*.md~/.local/share/opencode/opencode.db
Network endpoints4
api.clickup.com/api/v2/api.github.com/127.0.0.1:9223chatgpt.com/

Decision evidence

public snapshot
AI called this Clean at 89.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/index.js:16896 syncs generated Optima agent markdown into OPENCODE_CONFIG_DIR when plugin config loads unless disabled.
  • dist/index.js includes user-configured ClickUp/GitHub/OpenCode API clients and QA browser automation with dynamic command execution.
Evidence against
  • package.json defines no install/preinstall/postinstall lifecycle hooks; package code is not run at npm install.
  • README.md documents this as an OpenCode plugin installed by adding it to OpenCode config and describes repository-local .optima config/artifacts.
  • dist/index.js network endpoints are aligned to ClickUp, GitHub, local OpenCode, local CDP, and chatgpt QA workflow features.
  • dist/sanitize_cli.js is an explicit optima-sanitize-host CLI; ssh/python/sqlite/file writes are tied to user-invoked host sanitization and backups.
  • Secrets are read from configured references for ClickUp/GitHub and redacted in webhook audit logging; no credential harvesting loop or unrelated exfiltration found.
  • Agent config writes are transparent plugin behavior for its stated role-based OpenCode agent product, not install-time or covert AI-agent control mutation.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 3 file(s), 1.49 MB of source, external domains: 127.0.0.1, api.clickup.com, api.github.com, chatgpt.com, git-scm.com

Source & flagged code

5 flagged · loading source
dist/index.jsView file
9316import path5 from "node:path"; L9317: import { execFileSync } from "node:child_process"; L9318: function toGitPath(worktree, targetPath) {
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L9316
14502if (!script.trim()) return { ok: false, error: "script_required" }; L14503: const fn = new Function("page", "context", "browser", "artifactsDir", `return (async () => { L14504: ${script} ... L14510: } L14511: async function withQaBrowser({ provider = DEFAULT_QA_PROVIDER, cdpUrl = "", clickupTaskId = "", startUrl = "https://chatgpt.com/" } = {}, callback) { L14512: const chromium = await loadPlaywrightChromium(); L14513: const browser = await chromium.connectOverCDP(normalizeCdpUrl(cdpUrl), { L14514: timeout: Number(process.env.OPTIMA_QA_PLAYWRIGHT_CONNECT_TIMEOUT_MS || DEFAULT_QA_PLAYWRIGHT_CONNECT_TIMEOUT_MS) L14515: });
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.jsView on unpkg · L14502
14031const cdp = { send: (method, params = {}, options = {}) => session.send(method, params, options), evaluate: (expression, options = {}) => session.evaluate(expression, options) }; L14032: const fn = new Function("cdp", "target", "artifactsDir", "command", `return (async () => { L14033: ${script}
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.jsView on unpkg · L14031
scripts/optima-sanitize-host.jsView file
9const cliPath = fs.existsSync(sourceCli) ? sourceCli : distCli; L10: const { main } = await import(cliPath); L11:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

scripts/optima-sanitize-host.jsView on unpkg · L9
dist/sanitize_cli.jsView file
2592Cross-file remote execution chain: dist/sanitize_cli.js spawns dist/index.js; helper contains network access plus dynamic code execution. L2592: if (typeof node_buffer.Buffer === "function") { L2593: return node_buffer.Buffer.from(src, "base64"); L2594: } else if (typeof atob === "function") { ... L5197: yield* this.next(token); L5198: yield* this.end(forceDoc, endOffset); L5199: } ... L5201: *next(token) { L5202: if (node_process.env.LOG_STREAM) L5203: console.dir(token, { depth: null }); ... L7491: // WTF! L7492: // https://git-scm.com/docs/gitignore L7493: // changes in [2.22.1](https://git-scm.com/docs/gitignore/2.22.1)
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/sanitize_cli.jsView on unpkg · L2592

Findings

4 High3 Medium6 Low
HighChild Processdist/index.js
HighShell
HighSame File Env Network Executiondist/index.js
HighCross File Remote Execution Contextdist/sanitize_cli.js
MediumDynamic Requirescripts/optima-sanitize-host.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowEvaldist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License