registry  /  opencode-supertask  /  0.1.21

opencode-supertask@0.1.21

AI Agent 任务调度系统 — OpenCode 插件 + CLI + Gateway 常驻进程

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The plugin can auto-start its own local PM2 gateway when imported if PM2 already exists. Explicit CLI commands can install PM2, register the gateway, update the plugin cache, and execute queued OpenCode tasks. No confirmed outbound exfiltration or foreign AI-agent configuration mutation was found.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Plugin import for gateway startup; explicit `supertask install`, `upgrade`, or queued task execution.
Impact
Creates persistent local service behavior and runs OpenCode agents for queued user-provided prompts; no concrete malicious chain confirmed.
Mechanism
First-party OpenCode task scheduler with PM2 service management and user-task process spawning.
Rationale
The static malicious hint overstates the observed behavior: runtime installation and shell/process use are confined to documented SuperTask CLI and service-management features. The import-time first-party gateway setup remains a meaningful lifecycle risk, so warn rather than block.
Evidence
package.jsondist/plugin/supertask.jsdist/cli/index.jsdist/worker/index.jsdist/gateway/index.js

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/plugin/supertask.js` calls `ensureGateway()` during plugin initialization and can start a PM2-managed gateway.
  • `dist/cli/index.js` `supertask install` installs PM2 globally and registers the gateway with PM2 persistence.
  • `dist/worker/index.js` executes user-created queued tasks through `opencode run --agent ... <prompt>`.
  • `dist/cli/index.js` `upgrade` invokes `opencode plugin opencode-supertask@latest --global --force`.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • No evaluated `eval` or `new Function` calls were found in executable package code.
  • No outbound credential, environment, or file-exfiltration path was found.
  • `fetch` uses are dashboard-relative API calls; the gateway binds its dashboard to `127.0.0.1`.
  • Filesystem writes are limited to SuperTask's SQLite/config/version state paths and explicit CLI initialization.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
WildcardDependency
scanned 5 file(s), 3.30 MB of source, external domains: developer.mozilla.org, developers.cloudflare.com, hono.dev, json-schema.org, orm.drizzle.team, www.postgresql.org

Source & flagged code

7 flagged · loading source
dist/web/index.jsView file
16291logger; L16292: exec(query) { L16293: this.client.exec(query);
High
Child Process

Package source references child process execution.

dist/web/index.jsView on unpkg · L16291
724get name() { L725: return new Intl.DateTimeFormat().resolvedOptions().timeZone; L726: } ... L1655: for (let i = 0; i < str.length; i++) { L1656: const code = str.charCodeAt(i); L1657: if (str[i].search(numberingSystems.hanidec) !== -1) { ... L3063: /** L3064: * @private L3065: */ ... L3152: * @param {string} [opts.matrix=Object] - the preset conversion system to use L3153: * @see https://en.wikipedia.org/wiki/ISO_8601#Durations L3154: * @example Duration.fromISO('P3Y6M1W4DT12H30M5S').toObject() //=> { years: 3, months: 6, weeks: 1, days: 4, hours: 12, minutes: 30, seconds: 5 }
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/web/index.jsView on unpkg · L724
dist/cli/index.jsView file
48* Constructs the CommanderError class L49: * @param {number} exitCode suggested exit code which could be used with process.exit L50: * @param {string} code an id string representing the error ... L1163: var EventEmitter = __require("events").EventEmitter; L1164: var childProcess = __require("child_process"); L1165: var path = __require("path"); ... L1213: this._outputConfiguration = { L1214: writeOut: (str) => process2.stdout.write(str), L1215: writeErr: (str) => process2.stderr.write(str), ... L1252: * @returns {Command[]} L1253: * @private L1254: */
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/cli/index.jsView on unpkg · L48
48Trigger-reachable chain: manifest.bin -> dist/cli/index.js L48: * Constructs the CommanderError class L49: * @param {number} exitCode suggested exit code which could be used with process.exit L50: * @param {string} code an id string representing the error ... L1163: var EventEmitter = __require("events").EventEmitter; L1164: var childProcess = __require("child_process"); L1165: var path = __require("path"); ... L1213: this._outputConfiguration = { L1214: writeOut: (str) => process2.stdout.write(str), L1215: writeErr: (str) => process2.stderr.write(str), ... L1252: * @returns {Command[]} L1253: * @private L1254: */
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/cli/index.jsView on unpkg · L48
2003} L2004: const execArgv = process2.execArgv ?? []; L2005: if (execArgv.includes("-e") || execArgv.includes("--eval") || execArgv.includes("-p") || execArgv.includes("--print")) {
High
Shell

Package source references shell execution.

dist/cli/index.jsView on unpkg · L2003
19360try { L19361: execSync("npm install -g pm2", { stdio: "inherit" }); L19362: return true;
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/cli/index.jsView on unpkg · L19360
dist/plugin/supertask.jsView file
724Cross-file remote execution chain: dist/plugin/supertask.js spawns dist/web/index.js; helper contains network access plus dynamic code execution. L724: get name() { L725: return new Intl.DateTimeFormat().resolvedOptions().timeZone; L726: } ... L1655: for (let i = 0; i < str.length; i++) { L1656: const code = str.charCodeAt(i); L1657: if (str[i].search(numberingSystems.hanidec) !== -1) { ... L3063: /** L3064: * @private L3065: */ ... L3152: * @param {string} [opts.matrix=Object] - the preset conversion system to use L3153: * @see https://en.wikipedia.org/wiki/ISO_8601#Durations L3154: * @example Duration.fromISO('P3Y6M1W4DT12H30M5S').toObject() //=> { years: 3, months: 6, weeks: 1, days: 4, hours: 12, minutes: 30, seconds: 5 }
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/plugin/supertask.jsView on unpkg · L724

Findings

2 Critical4 High5 Medium4 Low
CriticalCredential Exfiltrationdist/cli/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/cli/index.js
HighChild Processdist/web/index.js
HighShelldist/cli/index.js
HighCross File Remote Execution Contextdist/plugin/supertask.js
HighRuntime Package Installdist/cli/index.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/web/index.js
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings