AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/index.js` contains QA-browser helpers that execute a `command_json` script with `new Function` and can attach to a configured Chrome DevTools endpoint; the behavior is exposed through the package's OpenCode plugin runtime rather than an npm lifecycle script.
- `dist/index.js` modifies OpenCode's in-memory plugin configuration to register Optima agents, may disable existing built-in agents, and sets `product_manager` as the default agent.
- `dist/sanitize_cli.js` supports explicit `--host` execution through `ssh` and reads a local OpenCode SQLite database via a fixed Python helper; these are user-invoked CLI paths, not install-time behavior.
- `package.json` declares no `preinstall`, `install`, or `postinstall` script, so npm installation does not invoke the CLI, browser controls, network clients, or filesystem mutations.
- `scripts/optima-sanitize-host.js` only imports and invokes the shipped CLI when the user runs `npm run sanitize:host`; it does not run automatically on installation.
- The inspected external endpoints are `api.clickup.com`, `api.github.com`, `chatgpt.com`, and local `127.0.0.1`/`localhost` OpenCode or Chrome DevTools services; no static evidence shows a third-party payload host, remote JavaScript download, credential exfiltration, or persistence.
- Repository writes observed in `dist/index.js` target Optima/OpenCode project-local runtime and configuration paths such as `.optima` rather than foreign Claude, Codex, Cursor, or MCP control-surface files.
- The dynamic browser and remote-host capabilities require runtime tool/CLI arguments and configured local services; inspected sources do not establish an unconsented automatic trigger.
Source & flagged code
5 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L14319Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L13921Package source references dynamic require/import behavior.
scripts/optima-sanitize-host.jsView on unpkg · L9Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/sanitize_cli.jsView on unpkg · L2592