AI Security Review
scanned 4d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malware behavior, but the package is an OpenCode agent extension that mutates agent configuration during plugin config and exposes powerful workflow/QA automation tools. Risk is platform-extension lifecycle control rather than credential theft or covert persistence.
Decision evidence
public snapshot- dist/index.js config hook writes generated agent markdown into process.env.OPENCODE_CONFIG_DIR/agents by default
- dist/index.js registers OpenCode tools that can prompt/fork sessions and alter default_agent to product_manager
- dist/index.js includes user-invoked browser QA tools with new Function for supplied script commands
- dist/sanitize_cli.js user-invoked CLI can SSH to a host, read OpenCode SQLite paths, back up/remove legacy override files
- package.json has no install/postinstall/preinstall lifecycle scripts
- Network calls are aligned to ClickUp/GitHub/OpenCode/OpenChamber/Chrome CDP/ChatGPT QA features, not covert exfiltration
- No import-time execution beyond module definition/export in dist/index.js
- Child process usage is for git operations, systemctl QA helper, SSH CLI mode, and python sqlite query helper
- File writes target documented Optima/OpenCode config/runtime paths or user-discovered worktrees, with safe-worktree checks in plugin tools
Source & flagged code
5 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L15222Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L14666Package source references dynamic require/import behavior.
scripts/optima-sanitize-host.jsView on unpkg · L9Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/sanitize_cli.jsView on unpkg · L2592