AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a powerful OpenCode workflow plugin with user/config-triggered agent generation, ClickUp/GitHub integration, and QA browser automation.
Decision evidence
public snapshot- dist/index.js exposes user-invoked QA tools that can run supplied Playwright/CDP scripts via new Function.
- dist/index.js config hook can write generated agent markdown under OPENCODE_CONFIG_DIR/agents.
- dist/index.js contains GitHub/ClickUp API clients and local CDP/browser automation endpoints.
- package.json has no install/postinstall lifecycle hooks; main is an OpenCode plugin and bin is an explicit CLI.
- scripts/optima-sanitize-host.js only resolves and imports the sanitize CLI, no hidden payload.
- Network endpoints are package-aligned: api.clickup.com, api.github.com, local OpenCode/CDP, chatgpt.com/auth.openai.com browser targets.
- Credential use is configuration-driven via ClickUp/GitHub tokens or env references, not broad env/file harvesting.
- File writes are runtime/workflow state, generated Optima files, explicit OPENCODE_CONFIG_DIR agents, or user-requested artifacts.
- No obfuscated payload, persistence outside configured workflow dirs, destructive install-time behavior, or unconsented exfiltration found.
Source & flagged code
5 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L14958Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L14402Package source references dynamic require/import behavior.
scripts/optima-sanitize-host.jsView on unpkg · L9Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/sanitize_cli.jsView on unpkg · L2592