AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit CLI commands can install a persistent package-owned Gateway and update the package's OpenCode plugin cache. The worker executes queued, user-provided OpenCode agent tasks. No covert install-time or credential-exfiltration path was confirmed.
Decision evidence
public snapshot- `dist/cli/index.js.map` shows explicit `supertask install` creates a `supertask-gateway` PM2 service and, on macOS, a named LaunchAgent.
- `dist/cli/index.js.map` shows explicit `supertask upgrade` runs `opencode plugin opencode-supertask@<version> --global --force`.
- `dist/cli/index.js.map` shows the worker invokes `opencode run --agent <agent>` with queued user-provided prompts.
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- `README.md` documents PM2 setup as an explicit `supertask install` action and says the plugin does not self-install global dependencies.
- The updater targets only `opencode-supertask` and verifies the installed package name/version.
- No inspected source path harvests credentials or sends environment/file data to an external endpoint.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/web/index.jsView on unpkg · L16291Source writes installer persistence such as shell profile or service configuration.
dist/web/index.jsView on unpkg · L724Source appears to send environment or credential material to an external endpoint.
dist/cli/index.jsView on unpkg · L48A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/index.jsView on unpkg · L48Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L19861Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/plugin/supertask.jsView on unpkg · L724