AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is a powerful OpenCode workflow plugin with documented agent config writes, browser automation, and ClickUp/GitHub integrations activated by plugin use or explicit tools.
Decision evidence
public snapshot- dist/index.js writes generated OpenCode agent markdown into process.env.OPENCODE_CONFIG_DIR/agents by default during plugin config.
- dist/index.js exposes user-invoked QA tools that run supplied JS via new Function against Playwright/CDP browser pages.
- dist/index.js can call configured ClickUp/GitHub/OpenCode HTTP APIs and update ClickUp tasks/webhooks when enabled.
- package.json has no install/postinstall lifecycle hooks; main is an OpenCode plugin and bin is a user-run sanitizer CLI.
- README.md documents this as an OpenCode agent/workflow plugin that installs agent roles and repository .optima scaffolding.
- Network endpoints are product-aligned: local OpenCode/CDP plus ClickUp/GitHub APIs; tokens are read from config/env for those integrations.
- scripts/optima-sanitize-host.js only imports dist/sanitize_cli.js and runs main when explicitly invoked.
- Repository writes are tied to documented optima_init/config sync behavior, not hidden install-time execution.
Source & flagged code
5 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L14749Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L14193Package source references dynamic require/import behavior.
scripts/optima-sanitize-host.jsView on unpkg · L9Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/sanitize_cli.jsView on unpkg · L2592