AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is an OpenCode workflow plugin with explicit tools for Optima scaffolding, ClickUp/GitHub automation, QA browser control, and host sanitation.
Decision evidence
public snapshot- dist/index.js config hook writes OpenCode agent config and sets default_agent, but only when loaded as the declared OpenCode plugin.
- dist/sanitize_cli.js user-invoked CLI can migrate .optima artifacts and remove local agent/policy overrides after creating a backup.
- dist/index.js contains configured ClickUp/GitHub/OpenCode API clients and local webhook listener code.
- package.json has no install/postinstall lifecycle scripts; prepack is publish-time only.
- scripts/optima-sanitize-host.js only imports source or dist CLI and calls main when user runs the script.
- dist/index.js network use is package-aligned: ClickUp, GitHub, local OpenCode/OpenChamber, and Chrome CDP endpoints from config.
- dist/index.js child_process use is limited to git/systemctl helper operations; dist/sanitize_cli.js uses ssh/python3 only for explicit host sanitation workflow.
- No credential harvesting or exfiltration flow found; configured tokens are used as API auth headers for their services.
- Prompt/agent assets are documented product behavior rather than hidden reviewer manipulation or install-time control-surface mutation.
Source & flagged code
5 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L14591Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L14079Package source references dynamic require/import behavior.
scripts/optima-sanitize-host.jsView on unpkg · L9Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/sanitize_cli.jsView on unpkg · L2592