AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is an OpenCode workflow plugin with powerful agent orchestration and browser automation capabilities that are largely documented and user/configuration driven.
Decision evidence
public snapshot- dist/index.js config hook writes generated agents into process.env.OPENCODE_CONFIG_DIR/agents and changes cfg.default_agent.
- dist/index.js exposes optima_session_create/prompt tools that can create and prompt OpenCode sessions when invoked.
- dist/index.js optima_qa_chrome_command accepts raw async JS and runs it with new Function against Playwright/CDP.
- dist/index.js uses ClickUp and GitHub API clients with configured tokens for workflow/webhook automation.
- package.json has no install/postinstall lifecycle hooks; prepack is publish-time only.
- Network use is aligned with documented ClickUp, GitHub, OpenCode localhost, and QA browser features.
- README.md and docs/guides/TOOLS.md document the OpenCode plugin, agents, ClickUp, session, and QA browser tools.
- Dangerous primitives are behind plugin/tool invocation or configured webhook/QA flows, not import-time credential harvesting.
- No hardcoded exfiltration host, obfuscated payload, dependency confusion, persistence implant, or destructive install behavior found.
Source & flagged code
5 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L14719Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L14163Package source references dynamic require/import behavior.
scripts/optima-sanitize-host.jsView on unpkg · L9Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/sanitize_cli.jsView on unpkg · L2592