AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package has broad automation capabilities, but they are disclosed plugin tools and activated by OpenCode/plugin configuration or explicit tool calls, not install-time execution.
Decision evidence
public snapshot- dist/index.js exposes powerful user-invoked tools for OpenCode prompts, GitHub/ClickUp APIs, QA browser CDP, and worktree files.
- dist/index.js syncOpenCodeConfigAgents writes generated agent markdown into OPENCODE_CONFIG_DIR/agents when plugin config runs.
- dist/index.js cdpRunChromeCommand can run user-supplied script via new Function inside the optima_qa_chrome_command tool.
- package.json has no install/postinstall lifecycle hooks; prepack/build are publish-time scripts only.
- README.md describes an OpenCode plugin that installs role agents and workflow/QA/GitHub/ClickUp tools, matching the observed behavior.
- dist/index.js network calls are aligned to configured ClickUp, GitHub, local OpenCode, local CDP, and ChatGPT QA workflows.
- dist/index.js reads secrets only from explicit config references like {env:NAME} or {file:path} for API/webhook auth, not broad harvesting.
- scripts/optima-sanitize-host.js only imports the packaged sanitize CLI; dynamic import is a local source/dist fallback.
- dist/index.js webhook handlers verify ClickUp/GitHub HMAC signatures before routing events.
Source & flagged code
5 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L14745Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L14189Package source references dynamic require/import behavior.
scripts/optima-sanitize-host.jsView on unpkg · L9Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/sanitize_cli.jsView on unpkg · L2592