registry  /  entracte-opencode  /  0.1.2

entracte-opencode@0.1.2

Your AI thinks. You earn AI credits.

AI Security Review

scanned 49m ago · by lpm-firewall-ai

When the explicitly configured OpenCode plugin starts, it requests sponsor content and records impression URLs. A server-controlled HTTP(S) `viewUrl` receives the plugin's Bearer token, creating a concrete credential-forwarding risk if the API or its response path is compromised.

Static reason
One or more suspicious static signals were detected.
Trigger
User configures `entracte-opencode` as an OpenCode plugin and OpenCode loads the TUI plugin.
Impact
A third-party tracking endpoint could receive the stored publisher machine token and use it against the package API.
Mechanism
Auto-loaded ad client forwards its machine token to server-provided tracking URLs.
Rationale
Source inspection confirms an advertising plugin with expected network and browser-opening behavior, but its unrestricted server-provided tracking URL receives authentication credentials. This supports a warning rather than a malicious block verdict.
Evidence
package.jsonREADME.mdtui.js~/.config/entracte/install-id-opencode~/.config/entracte/credentials.json/tmp/entracte-oc-debug.log
Network endpoints5
api.entracte.ai/api/serveapi.entracte.ai/api/publisher/statsapi.entracte.ai/api/publisherapi.entracte.ai/api/device/startapi.entracte.ai/api/device/poll

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `tui.js` auto-fetches sponsor data when the OpenCode TUI plugin initializes.
  • `tui.js` persists an install UUID at `~/.config/entracte/install-id-opencode`.
  • `tui.js` accepts server-supplied `viewUrl` values limited only to HTTP(S).
  • `tui.js` fetches each new `viewUrl` with the stored Bearer machine token.
  • `tui.js` stores OAuth device-flow credentials in `~/.config/entracte/credentials.json`.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
  • The only executable entrypoint is `tui.js`, an explicit OpenCode plugin loaded after user configuration.
  • No eval, dynamic module loading, shell command construction, binary loading, or code/prompt harvesting is present.
  • `spawn` only invokes the platform URL opener for device verification and ad click URLs.
  • Package-owned files are confined to `~/.config/entracte` plus a debug log at `/tmp/entracte-oc-debug.log`.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 10.3 KB of source, external domains: api.entracte.ai

Source & flagged code

3 flagged · loading source
tui.jsView file
7import { createElement as _$createElement } from "@opentui/solid"; L8: import { spawn } from "child_process"; L9: import { randomUUID } from "crypto";
High
Child Process

Package source references child process execution.

tui.jsView on unpkg · L7
7import { createElement as _$createElement } from "@opentui/solid"; L8: import { spawn } from "child_process"; L9: import { randomUUID } from "crypto"; ... L22: dbg("=== module loaded ==="); L23: var API = (process.env.ENTRACTE_API || "https://api.entracte.ai").replace(/\/$/, ""); L24: var POLL_MS = 6e4;
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

tui.jsView on unpkg · L7
7import { createElement as _$createElement } from "@opentui/solid"; L8: import { spawn } from "child_process"; L9: import { randomUUID } from "crypto"; ... L22: dbg("=== module loaded ==="); L23: var API = (process.env.ENTRACTE_API || "https://api.entracte.ai").replace(/\/$/, ""); L24: var POLL_MS = 6e4; ... L26: var AMBER = "#f59e0b"; L27: var CREDS = join(homedir(), ".config", "entracte", "credentials.json"); L28: var INSTALL_ID_FILE = join(homedir(), ".config", "entracte", "install-id-opencode"); ... L55: try { L56: return JSON.parse(readFileSync(CREDS, "utf8")); L57: } catch {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

tui.jsView on unpkg · L7

Findings

4 High2 Medium3 Low
HighChild Processtui.js
HighShell
HighSame File Env Network Executiontui.js
HighSandbox Evasion Gated Capabilitytui.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings