registry  /  chatgpt-web-opencode  /  0.2.0

chatgpt-web-opencode@0.2.0

OpenCode plugin for ChatGPT web /backend-api/f/conversation (SSE).

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `chatgpt-web-opencode setup` or activates the OpenCode plugin.
Impact
Changes user-selected OpenCode configuration and sends configured ChatGPT credentials/prompts to ChatGPT services.
Mechanism
Explicit OpenCode plugin registration plus ChatGPT OAuth and API proxying.
Rationale
Source inspection found explicit-user OpenCode configuration mutation but no lifecycle-triggered foreign control-surface change, payload execution, or exfiltration. Warn rather than block under the stated policy.
Evidence
package.jsonbin/chatgpt-web-opencode.jsdist/cli/setup.jsdist/plugin.jsdist/auth/oauth.jsdist/auth/tokens.jsdist/transport/http.jsdist/transport/headers.jsbin/chatgpt-fetch.mjs~/.config/opencode/opencode.json./opencode.json~/.cache/chatgpt-web-opencode/
Network endpoints2
auth.openai.comchatgpt.com/backend-api

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/chatgpt-web-opencode.js` invokes setup on explicit CLI use.
  • `dist/cli/setup.js` writes OpenCode global/project config and adds this plugin.
  • `dist/cli/setup.js` renames a stale package cache entry.
  • `dist/transport/http.js` spawns its bundled Node fetch helper under Bun.
Evidence against
  • `package.json` has no preinstall/install/postinstall hook.
  • Config mutation is user-invoked, not import-time or lifecycle-triggered.
  • OAuth tokens and conversation data are sent only to OpenAI/ChatGPT endpoints.
  • Filesystem writes are limited to OpenCode config and a package-owned device-ID cache.
  • No eval, dynamic code loading, shell payload, credential harvesting, or third-party exfiltration found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 20 file(s), 107 KB of source, external domains: api.openai.com, auth.openai.com, chatgpt.com, opencode.ai, www.googletagmanager.com

Source & flagged code

4 flagged · loading source
bin/chatgpt-web-opencode.jsView file
Published source reference
Medium
Ai Review Evidence

`bin/chatgpt-web-opencode.js` invokes setup on explicit CLI use.

bin/chatgpt-web-opencode.jsView on unpkg
dist/cli/setup.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/cli/setup.js` writes OpenCode global/project config and adds this plugin.

dist/cli/setup.jsView on unpkg
Published source reference
Medium
Ai Review Evidence

`dist/cli/setup.js` renames a stale package cache entry.

dist/cli/setup.jsView on unpkg
dist/transport/http.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/transport/http.js` spawns its bundled Node fetch helper under Bun.

dist/transport/http.jsView on unpkg

Findings

6 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencebin/chatgpt-web-opencode.js
MediumAi Review Evidencedist/cli/setup.js
MediumAi Review Evidencedist/cli/setup.js
MediumAi Review Evidencedist/transport/http.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings