AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is an OpenCode workflow plugin with broad but declared automation capabilities that activate when configured as a plugin or when its CLI/tools are invoked.
Decision evidence
public snapshot- dist/index.js exposes powerful user-invoked tools: OpenCode session prompts, ClickUp/GitHub automation, Chrome CDP/Playwright script execution.
- dist/index.js config hook can write managed agent files under process.env.OPENCODE_CONFIG_DIR/agents/*.md.
- dist/sanitize_cli.js can run ssh for --host and remove/repair Optima override files when sanitize is invoked non-dry-run.
- package.json has no install/postinstall/preinstall lifecycle hooks; prepack is publish-time only.
- scripts/optima-sanitize-host.js only imports the packaged CLI and calls main when explicitly run.
- Network endpoints are package-aligned: ClickUp API, GitHub API, local OpenCode/CDP, configured webhook URLs, chatgpt.com QA tabs.
- Filesystem writes are scoped to Optima workflow state/config, managed agent files, git worktrees, backups, logs, screenshots, and explicit repair/sanitize actions.
- Dynamic code generation is limited to explicit QA browser/CDP command tools, not import-time or install-time execution.
- No evidence of credential harvesting or exfiltration beyond configured API tokens/secrets used for ClickUp/GitHub/webhook functionality.
Source & flagged code
5 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L14933Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L14377Package source references dynamic require/import behavior.
scripts/optima-sanitize-host.jsView on unpkg · L9Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/sanitize_cli.jsView on unpkg · L2592