AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package has powerful, user-invoked OpenCode automation: agent config writes, ClickUp API integration, local Chrome/CDP scripting, and git/systemctl helpers.
Decision evidence
public snapshot- dist/index.js registers OpenCode agents/tools and writes managed agent markdown to process.env.OPENCODE_CONFIG_DIR/agents/*.md by default.
- dist/index.js exposes optima_qa_chrome_command that runs user-supplied JS via new Function against Playwright/CDP browser sessions.
- dist/index.js can start configured ClickUp webhook listeners and call https://api.clickup.com/api/v2 endpoints with configured tokens.
- dist/index.js uses child_process execFile for git/systemctl, but only in workflow repair/migration/QA autostart paths.
- package.json has no install/preinstall/postinstall/prepare lifecycle execution for consumers.
- README.md describes an OpenCode workflow plugin that installs agents and ClickUp/QA tools; suspicious primitives are aligned with that purpose.
- Network calls require plugin configuration/tool use, not install-time or import-time exfiltration.
- No credential harvesting loop or hardcoded attacker endpoint found; ClickUp token is read for ClickUp API authorization.
- sanitize_cli.js is a bundled CLI wrapper; scripts/optima-sanitize-host.js only dynamically imports source or dist CLI.
Source & flagged code
5 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L14728Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L14172Package source references dynamic require/import behavior.
scripts/optima-sanitize-host.jsView on unpkg · L9Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/sanitize_cli.jsView on unpkg · L2592