AI Security Review
scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface was established by static inspection. The package is a full AI agent CLI with user-invoked shell, network, plugin, and workflow setup capabilities.
Decision evidence (public snapshot)
- dist/chunks/agent-XASWUE5W.mjs parses --params with new Function for the debug agent tool command.
- dist/chunks/github-SAI3OHBI.mjs user-invoked github install runs git remote, opens browser, polls api.opencode.ai, and writes .github/workflows/opencode.yml.
- dist/chunks/chunk-UX6LW3VS.mjs fetches model metadata from https://models.dev and caches it.
- dist/chunks/chunk-NP366GVR.mjs contains AI-agent capabilities: shell/LSP spawning, dynamic provider import/install, local file and .easbot state access.
- package.json has no preinstall/install/postinstall/prepare lifecycle hooks; only bin easbot points to dist/cli.mjs.
- dist/cli.mjs initializes the CLI and parses explicit user commands; no install-time execution path found.
- Network use is package-aligned for model metadata, configured providers, gateway, and explicit GitHub app setup.
- Command execution appears tied to documented agent, LSP, debug, or GitHub-install workflows rather than hidden import-time exfiltration.
- No hardcoded credential harvesting or stealth persistence endpoint found in inspected hot files.
Source & flagged code
9 flagged
- Source executes local commands and sends command output to an external endpoint. (dist/chunks/chunk-NP366GVR.mjs, line 1)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (dist/chunks/chunk-NP366GVR.mjs, line 1)
- Package source references child process execution. (dist/chunks/chunk-NP366GVR.mjs, line 1)
- Package source references dynamic code evaluation. (dist/chunks/chunk-NP366GVR.mjs, line 932)
- A single source file combines environment access, network access, and code or shell execution; review context before blocking. (dist/chunks/chunk-NP366GVR.mjs, line 1)
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. (dist/chunks/chunk-NP366GVR.mjs, line 1)
- Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking. (dist/chunks/chunk-NP366GVR.mjs, line 1)
- Package source references dynamic require/import behavior. (dist/chunks/chunk-NP366GVR.mjs, line 23)
- Source writes installer persistence such as shell profile or service configuration. (dist/chunks/chunk-NP366GVR.mjs, line 1)