AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is an AI agent platform with explicit CLI setup, sandbox execution, web fetch, update, and WeChat media-upload capabilities that align with its stated functionality.
Decision evidence
public snapshot- plugins/workboard/dist/worker/opencode-worker.js installs/runs opencode-ai@1.17.13 in a tenant shell sandbox for workboard tasks
- packages/server/dist/setup/start-server.js and launchd.js write ~/Library/LaunchAgents plist and .env during explicit setup/start flow
- plugins/wechat/dist/ilink-media.js reads a caller-supplied file path and uploads encrypted media to WeChat/iLink endpoints
- packages/server/dist/setup/update.js can run npm install -g during explicit tianshu update
- package.json has no consumer install hook; prepublishOnly only runs before publishing
- bin/tianshu.mjs is a thin CLI shim that imports packages/server/dist/cli.js only when invoked
- web-fetch.js explicitly blocks localhost, private, link-local, and cloud metadata hosts before fetch and after redirect
- launchd persistence is prompted/user-invoked via setup/start commands, not install-time or import-time
- OpenCode proxy token is per-task and revoked in finally; real LLM key/baseUrl are not written into sandbox
- No credential harvesting, hidden exfiltration, destructive behavior, or reviewer/prompt manipulation found in inspected files
Source & flagged code
5 flagged · loading sourcePackage source references dynamic require/import behavior.
bin/tianshu.mjsView on unpkg · L29Package source references weak cryptographic algorithms.
plugins/wechat/dist/ilink-media.jsView on unpkg · L18Source writes installer persistence such as shell profile or service configuration.
packages/server/dist/setup/start-server.jsView on unpkg · L21Source reaches cloud instance metadata or link-local credential endpoints.
plugins/web-search/dist/tools/web-fetch.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version.
plugins/workboard/dist/worker/opencode-worker.jsView on unpkg