AI Security Review
scanned 1d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface, but the package is an OpenCode agent extension with broad lifecycle authority once enabled. It can write agent config, workflow files, local runtime logs/state, and interact with ClickUp/GitHub/OpenCode when configured.
Decision evidence
public snapshot- dist/index.js config hook can write generated OpenCode agent files to process.env.OPENCODE_CONFIG_DIR/agents.
- dist/index.js registers OpenCode plugin tools that can create sessions, edit workflow artifacts, manage ClickUp/GitHub webhooks, and run git via execFileSync when invoked.
- dist/sanitize_cli.js bin can mutate host OpenCode-related repo paths and remove override files after backup; it also supports remote ssh execution when explicitly run.
- package.json has no preinstall/install/postinstall lifecycle scripts.
- Network calls are package-aligned: ClickUp API, GitHub API, local OpenCode/Chrome CDP, and user-provided URLs for extension source.
- Shell/child_process use is bounded to git, python sqlite inspection, systemctl, ssh, unzip/chromium helpers, and explicit CLI/tool workflows.
- No evidence of credential harvesting or covert exfiltration; secrets are read from user config/env for configured ClickUp/GitHub/webhook behavior.
- Agent/config mutation is plugin-owned and occurs through OpenCode plugin config or explicit bin/tool invocation, not npm install time.
Source & flagged code
5 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L15707Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L15031Package source references dynamic require/import behavior.
scripts/optima-sanitize-host.jsView on unpkg · L9Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/sanitize_cli.jsView on unpkg · L2592