AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The risky primitives are part of an OpenCode workflow plugin and are activated by plugin configuration or explicit tool/CLI use.
Decision evidence
public snapshot- dist/index.js writes Optima-managed agent markdown into OPENCODE_CONFIG_DIR/agents during plugin config
- dist/index.js exposes user-invoked QA browser tools that evaluate provided expressions/scripts via CDP/Playwright
- dist/index.js can call ClickUp/GitHub/OpenCode HTTP APIs when configured with tokens/base URLs
- dist/sanitize_cli.js user-invoked CLI can run ssh for --host and remove backed-up legacy override files
- package.json has no install/postinstall lifecycle hooks
- README.md describes an OpenCode plugin that installs role agents and .optima workflow artifacts
- Network endpoints are package-aligned: ClickUp API, GitHub API, local OpenCode/CDP, ChatGPT QA tab
- Secrets are read only from explicit config references like {env:VAR} or {file:path} for configured API clients
- Shell/child_process use is limited to user-invoked git/systemctl/ssh/python helper paths, not import-time execution
- No evidence of credential harvesting, hidden exfiltration, persistence, destructive install-time behavior, or reviewer prompt injection
Source & flagged code
5 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L14719Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L14163Package source references dynamic require/import behavior.
scripts/optima-sanitize-host.jsView on unpkg · L9Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/sanitize_cli.jsView on unpkg · L2592