AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package auto-bootstraps a first-party opencode plugin and agent harness when the bizar CLI is run, mutating the user's opencode config and plugin directory. This is package-aligned but broad AI-agent extension setup, so it warrants warning rather than blocking.
Decision evidence
public snapshot- cli/bin.mjs calls ensureSetup on most bizar invocations unless --help/--version/--check or BIZAR_SKIP_INSTALL is set.
- cli/bootstrap.mjs treats missing ~/.config/opencode/agents/odin.md or ~/.config/opencode/plugins/bizar as first-run setup and calls runPostInstall.
- cli/provision.mjs copies plugins/bizar to ~/.config/opencode/plugins/bizar and patches ~/.config/opencode/opencode.json with ./plugins/bizar/index.ts.
- config/opencode.json grants multiple Bizar tools and agent permissions including bash/webfetch/websearch for bundled agents.
- package.json has only prepublishOnly lifecycle; no npm preinstall/install/postinstall hook.
- Plugin/dashboard network is package-aligned or user-configured: localhost dashboard/opencode serve, npm view/install for updates, and scheduled webhooks validate URL and block private hosts by default.
- bizar-dash/tests/memory-sync.test.mjs contains an AWS-looking test fixture used to assert secret blocking, not a live credential.
- Runtime package installs in update-store/provision target @polderlabs/bizar, related packages, or opencode-ai, often with --ignore-scripts in dashboard updater.
- No source evidence of credential harvesting, stealth persistence, destructive behavior, or exfiltration endpoint.
Source & flagged code
30 flagged · loading sourcePackage contains a critical-looking secret pattern.
bizar-dash/tests/memory-sync.test.mjsView on unpkg · L107AWS access key ID in bizar-dash/tests/memory-sync.test.mjs
bizar-dash/tests/memory-sync.test.mjsView on unpkg · L107Package source references child process execution.
bizar-dash/tests/plugins-sandbox.test.mjsView on unpkg · L5Package source references dynamic require/import behavior.
bizar-dash/tests/plugins-sandbox.test.mjsView on unpkg · L24Package source references a known benign dynamic code generation pattern.
templates/plan/htmx.min.jsView on unpkg · L1Package source references weak cryptographic algorithms.
bizar-dash/src/server/routes/activity.mjsView on unpkg · L25Source writes installer persistence such as shell profile or service configuration.
cli/service-controller.mjsView on unpkg · L23This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bizar-dash/src/server/schedules-runner.mjsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
bizar-dash/src/server/schedules-runner.mjsView on unpkg · L18Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
cli/copy.mjsView on unpkg · L80Package source invokes a package manager install command at runtime.
bizar-dash/src/server/update-store.mjsView on unpkg · L77Package ships non-JavaScript build or shell helper files.
config/skills/embedded-esp-idf/scripts/size_check.shView on unpkgTarball package.json differs from the npm registry version manifest for scripts or dependency sets.
package.jsonView on unpkgAWS access key ID in bizar-dash/tests/memory-secrets.test.mjs
bizar-dash/tests/memory-secrets.test.mjsView on unpkg · L19GitHub personal access token in bizar-dash/tests/memory-secrets.test.mjs
bizar-dash/tests/memory-secrets.test.mjsView on unpkg · L25Stripe live secret key in bizar-dash/tests/memory-secrets.test.mjs
bizar-dash/tests/memory-secrets.test.mjsView on unpkg · L31Slack bot token in bizar-dash/tests/memory-secrets.test.mjs
bizar-dash/tests/memory-secrets.test.mjsView on unpkg · L37RSA private key in bizar-dash/tests/memory-secrets.test.mjs
bizar-dash/tests/memory-secrets.test.mjsView on unpkg · L43AWS access key ID in bizar-dash/tests/memory-secrets.test.mjs
bizar-dash/tests/memory-secrets.test.mjsView on unpkg · L92AWS access key ID in bizar-dash/tests/memory-secrets.test.mjs
bizar-dash/tests/memory-secrets.test.mjsView on unpkg · L99AWS access key ID in bizar-dash/tests/memory-store.test.mjs
bizar-dash/tests/memory-store.test.mjsView on unpkg · L219AWS access key ID in bizar-dash/tests/memory-cli.test.mjs
bizar-dash/tests/memory-cli.test.mjsView on unpkg · L231Hardcoded password in bizar-dash/scripts/smoke-bg-retry.mjs
bizar-dash/scripts/smoke-bg-retry.mjsView on unpkg · L45Hardcoded password in bizar-dash/scripts/smoke-bg-retry.mjs
bizar-dash/scripts/smoke-bg-retry.mjsView on unpkg · L53Hardcoded password in bizar-dash/scripts/smoke-bg-retry.mjs
bizar-dash/scripts/smoke-bg-retry.mjsView on unpkg · L65Hardcoded password in plugins/bizar/tests/http-client.test.ts
plugins/bizar/tests/http-client.test.tsView on unpkg · L51Hardcoded password in plugins/bizar/tests/serve.test.ts
plugins/bizar/tests/serve.test.tsView on unpkg · L70Hardcoded password in plugins/bizar/src/serve-info.ts
plugins/bizar/src/serve-info.tsView on unpkg · L24Hardcoded password in packages/sdk/tests/client.test.ts
packages/sdk/tests/client.test.tsView on unpkg · L23