AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a high-capability OpenCode workflow plugin, but risky primitives are tied to configured or user-invoked workflow, QA, GitHub, ClickUp, and sanitize operations.
Decision evidence
public snapshot- dist/index.js exposes QA browser tools that evaluate user-supplied commands with new Function.
- dist/index.js can write .optima runtime/config files, sync OpenCode agent markdown, and run git/systemctl in explicit tools.
- dist/index.js contacts ClickUp/GitHub/OpenCode/Chrome CDP endpoints when configured.
- package.json has no install/postinstall lifecycle hooks; main is an OpenCode plugin and bin is an explicit sanitize CLI.
- Network endpoints are package-aligned: api.clickup.com, api.github.com, local OpenCode, and local Chrome CDP.
- File writes are scoped to .optima, OPENCODE_CONFIG_DIR agents, QA artifacts/state, or explicit worktree operations.
- scripts/optima-sanitize-host.js only chooses source/dist CLI and imports main; no hidden payload.
- No credential harvesting/exfiltration beyond configured API tokens used as Authorization for ClickUp/GitHub API calls.
Source & flagged code
5 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L14957Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L14401Package source references dynamic require/import behavior.
scripts/optima-sanitize-host.jsView on unpkg · L9Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/sanitize_cli.jsView on unpkg · L2592