AI Security Review
scanned 4d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install/import attack surface. The package is an OpenCode platform plugin with powerful agent, ClickUp/GitHub, and QA browser capabilities that can write OpenCode agent files and run user-supplied browser scripts when the plugin/tools are invoked.
Decision evidence
public snapshot- dist/index.js config hook writes generated agent markdown into OPENCODE_CONFIG_DIR/agents via syncOpenCodeConfigAgents
- dist/index.js exposes QA browser tools that run user-supplied evaluate/script through Playwright/CDP new Function
- dist/index.js can start configured user systemd QA service when qa.autostart is enabled
- dist/index.js performs ClickUp/GitHub API actions when configured
- package.json has no npm lifecycle install hooks
- OpenCode agent/config mutation occurs in plugin config runtime, not npm install time, and targets OpenCode plugin surface
- Repository scaffolding writes are user-invoked via optima_init/repair into .optima and .gitignore
- Network endpoints are package-aligned: ClickUp, GitHub, local OpenCode/CDP, ChatGPT QA
- No credential harvesting or unrelated exfiltration found in inspected entrypoints
Source & flagged code
5 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L15284Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L14728Package source references dynamic require/import behavior.
scripts/optima-sanitize-host.jsView on unpkg · L9Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/sanitize_cli.jsView on unpkg · L2592