AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is an OpenCode workflow plugin with privileged, user-invoked automation features for agents, QA browser control, ClickUp/GitHub integration, and host sanitation.
Decision evidence
public snapshot- dist/index.js exposes user-invoked QA tools that can run provided browser scripts via new Function.
- dist/index.js can write OpenCode agent markdown under OPENCODE_CONFIG_DIR/agents during plugin config.
- dist/sanitize_cli.js supports user-invoked host sanitation and optional ssh remote execution.
- package.json has no install/postinstall lifecycle hooks.
- Network use is aligned with configured ClickUp/GitHub APIs and local Chrome CDP, not hidden exfiltration.
- dist/index.js child_process use is git operations and QA service helpers, not install/import-time execution.
- dist/sanitize_cli.js main only runs when invoked as CLI; scripts/optima-sanitize-host.js only imports the bundled CLI.
- No credential harvesting loop or hardcoded attacker endpoint found.
- Agent/config writes are declared plugin behavior, controlled by repo config/env, not unconsented lifecycle mutation.
Source & flagged code
5 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L14719Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L14163Package source references dynamic require/import behavior.
scripts/optima-sanitize-host.jsView on unpkg · L9Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/sanitize_cli.jsView on unpkg · L2592