registry  /  opencode-supertask  /  0.1.24

opencode-supertask@0.1.24

AI Agent 任务调度系统 — OpenCode 插件 + CLI + Gateway 常驻进程

AI Security Review

scanned 1h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Explicit CLI commands can install a persistent package-owned Gateway and update the package's OpenCode plugin cache. The worker executes queued, user-provided OpenCode agent tasks. No covert install-time or credential-exfiltration path was confirmed.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `supertask install`, `supertask upgrade`, or starts the Gateway after creating a task.
Impact
Creates a local package-owned service and runs user-submitted agent prompts.
Mechanism
Explicit PM2/LaunchAgent setup, first-party plugin update, and OpenCode subprocess execution.
Rationale
The package is not malicious by static inspection, but its explicit first-party agent-extension and service-lifecycle setup warrants a warning under the firewall policy.
Evidence
package.jsonREADME.mddist/cli/index.jsdist/cli/index.js.mapdist/plugin/supertask.js~/.cache/opencode/packages~/.config/opencode/supertask.json~/Library/LaunchAgents/com.supertask.pm2-resurrect.plist

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/cli/index.js.map` shows explicit `supertask install` creates a `supertask-gateway` PM2 service and, on macOS, a named LaunchAgent.
  • `dist/cli/index.js.map` shows explicit `supertask upgrade` runs `opencode plugin opencode-supertask@<version> --global --force`.
  • `dist/cli/index.js.map` shows the worker invokes `opencode run --agent <agent>` with queued user-provided prompts.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` hook.
  • `README.md` documents PM2 setup as an explicit `supertask install` action and says the plugin does not self-install global dependencies.
  • The updater targets only `opencode-supertask` and verifies the installed package name/version.
  • No inspected source path harvests credentials or sends environment/file data to an external endpoint.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
WildcardDependency
scanned 5 file(s), 3.36 MB of source, external domains: hono.dev, json-schema.org, orm.drizzle.team, www.postgresql.org

Source & flagged code

7 flagged · loading source
dist/web/index.jsView file
16291logger; L16292: exec(query) { L16293: this.client.exec(query);
High
Child Process

Package source references child process execution.

dist/web/index.jsView on unpkg · L16291
724get name() { L725: return new Intl.DateTimeFormat().resolvedOptions().timeZone; L726: } ... L1655: for (let i = 0; i < str.length; i++) { L1656: const code = str.charCodeAt(i); L1657: if (str[i].search(numberingSystems.hanidec) !== -1) { ... L3063: /** L3064: * @private L3065: */ ... L3152: * @param {string} [opts.matrix=Object] - the preset conversion system to use L3153: * @see https://en.wikipedia.org/wiki/ISO_8601#Durations L3154: * @example Duration.fromISO('P3Y6M1W4DT12H30M5S').toObject() //=> { years: 3, months: 6, weeks: 1, days: 4, hours: 12, minutes: 30, seconds: 5 }
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/web/index.jsView on unpkg · L724
dist/cli/index.jsView file
48* Constructs the CommanderError class L49: * @param {number} exitCode suggested exit code which could be used with process.exit L50: * @param {string} code an id string representing the error ... L1163: var EventEmitter = __require("events").EventEmitter; L1164: var childProcess = __require("child_process"); L1165: var path = __require("path"); ... L1213: this._outputConfiguration = { L1214: writeOut: (str) => process2.stdout.write(str), L1215: writeErr: (str) => process2.stderr.write(str), ... L1252: * @returns {Command[]} L1253: * @private L1254: */
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/cli/index.jsView on unpkg · L48
48Trigger-reachable chain: manifest.bin -> dist/cli/index.js L48: * Constructs the CommanderError class L49: * @param {number} exitCode suggested exit code which could be used with process.exit L50: * @param {string} code an id string representing the error ... L1163: var EventEmitter = __require("events").EventEmitter; L1164: var childProcess = __require("child_process"); L1165: var path = __require("path"); ... L1213: this._outputConfiguration = { L1214: writeOut: (str) => process2.stdout.write(str), L1215: writeErr: (str) => process2.stderr.write(str), ... L1252: * @returns {Command[]} L1253: * @private L1254: */
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/cli/index.jsView on unpkg · L48
2003} L2004: const execArgv = process2.execArgv ?? []; L2005: if (execArgv.includes("-e") || execArgv.includes("--eval") || execArgv.includes("-p") || execArgv.includes("--print")) {
High
Shell

Package source references shell execution.

dist/cli/index.jsView on unpkg · L2003
19861try { L19862: execSync("npm install -g pm2", { stdio: "inherit" }); L19863: return true;
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/cli/index.jsView on unpkg · L19861
dist/plugin/supertask.jsView file
724Cross-file remote execution chain: dist/plugin/supertask.js spawns dist/web/index.js; helper contains network access plus dynamic code execution. L724: get name() { L725: return new Intl.DateTimeFormat().resolvedOptions().timeZone; L726: } ... L1655: for (let i = 0; i < str.length; i++) { L1656: const code = str.charCodeAt(i); L1657: if (str[i].search(numberingSystems.hanidec) !== -1) { ... L3063: /** L3064: * @private L3065: */ ... L3152: * @param {string} [opts.matrix=Object] - the preset conversion system to use L3153: * @see https://en.wikipedia.org/wiki/ISO_8601#Durations L3154: * @example Duration.fromISO('P3Y6M1W4DT12H30M5S').toObject() //=> { years: 3, months: 6, weeks: 1, days: 4, hours: 12, minutes: 30, seconds: 5 }
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/plugin/supertask.jsView on unpkg · L724

Findings

2 Critical4 High5 Medium4 Low
CriticalCredential Exfiltrationdist/cli/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/cli/index.js
HighChild Processdist/web/index.js
HighShelldist/cli/index.js
HighCross File Remote Execution Contextdist/plugin/supertask.js
HighRuntime Package Installdist/cli/index.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/web/index.js
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings