registry  /  opencode-supertask  /  0.1.27

opencode-supertask@0.1.27

AI Agent 任务调度系统 — OpenCode 插件 + CLI + Gateway 常驻进程

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Loading the OpenCode plugin may start its first-party Gateway through an already-installed PM2. Explicit `supertask install` additionally provisions PM2 persistence and a user LaunchAgent.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
OpenCode plugin configuration load; explicit `supertask install` or `supertask upgrade` commands.
Impact
Persistent local task execution capable of launching user-configured OpenCode jobs.
Mechanism
First-party OpenCode task scheduler launches and manages a local PM2 gateway.
Rationale
The package implements a persistent OpenCode scheduling extension with automatic gateway startup, which merits a warning under the extension-lifecycle policy. The scanner's credential-exfiltration claim is unsupported by the inspected source.
Evidence
package.jsondist/plugin/supertask.jsdist/cli/index.jsdist/daemon/pm2-supervisor.jsdist/gateway/index.jsdist/worker/launcher.js

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/plugin/supertask.js` calls `ensureGateway()` during plugin config initialization.
  • `dist/cli/index.js` starts a persistent `supertask-gateway` PM2 process and saves PM2 state.
  • `dist/cli/index.js` can install PM2 globally, create a macOS LaunchAgent, and invoke OpenCode plugin upgrades via explicit CLI commands.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • No credential harvesting, authorization headers, remote payload fetches, eval/vm usage, or external exfiltration endpoint was found.
  • Observed fetch use is limited to the package's local dashboard health URL and bundled web API routes.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
WildcardDependency
scanned 7 file(s), 3.67 MB of source, external domains: 127.0.0.1, hono.dev, json-schema.org, orm.drizzle.team, www.postgresql.org

Source & flagged code

8 flagged · loading source
dist/web/index.jsView file
16291logger; L16292: exec(query) { L16293: this.client.exec(query);
High
Child Process

Package source references child process execution.

dist/web/index.jsView on unpkg · L16291
724get name() { L725: return new Intl.DateTimeFormat().resolvedOptions().timeZone; L726: } ... L1655: for (let i = 0; i < str.length; i++) { L1656: const code = str.charCodeAt(i); L1657: if (str[i].search(numberingSystems.hanidec) !== -1) { ... L3063: /** L3064: * @private L3065: */ ... L3152: * @param {string} [opts.matrix=Object] - the preset conversion system to use L3153: * @see https://en.wikipedia.org/wiki/ISO_8601#Durations L3154: * @example Duration.fromISO('P3Y6M1W4DT12H30M5S').toObject() //=> { years: 3, months: 6, weeks: 1, days: 4, hours: 12, minutes: 30, seconds: 5 }
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/web/index.jsView on unpkg · L724
dist/cli/index.jsView file
48* Constructs the CommanderError class L49: * @param {number} exitCode suggested exit code which could be used with process.exit L50: * @param {string} code an id string representing the error ... L1163: var EventEmitter = __require("events").EventEmitter; L1164: var childProcess = __require("child_process"); L1165: var path = __require("path"); ... L1213: this._outputConfiguration = { L1214: writeOut: (str) => process2.stdout.write(str), L1215: writeErr: (str) => process2.stderr.write(str), ... L1252: * @returns {Command[]} L1253: * @private L1254: */
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/cli/index.jsView on unpkg · L48
48Trigger-reachable chain: manifest.bin -> dist/cli/index.js L48: * Constructs the CommanderError class L49: * @param {number} exitCode suggested exit code which could be used with process.exit L50: * @param {string} code an id string representing the error ... L1163: var EventEmitter = __require("events").EventEmitter; L1164: var childProcess = __require("child_process"); L1165: var path = __require("path"); ... L1213: this._outputConfiguration = { L1214: writeOut: (str) => process2.stdout.write(str), L1215: writeErr: (str) => process2.stderr.write(str), ... L1252: * @returns {Command[]} L1253: * @private L1254: */
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/cli/index.jsView on unpkg · L48
2003} L2004: const execArgv = process2.execArgv ?? []; L2005: if (execArgv.includes("-e") || execArgv.includes("--eval") || execArgv.includes("-p") || execArgv.includes("--print")) {
High
Shell

Package source references shell execution.

dist/cli/index.jsView on unpkg · L2003
21147try { L21148: execSync("npm install -g pm2", { stdio: "inherit" }); L21149: return true;
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/cli/index.jsView on unpkg · L21147
dist/plugin/supertask.jsView file
724Cross-file remote execution chain: dist/plugin/supertask.js spawns dist/web/index.js; helper contains network access plus dynamic code execution. L724: get name() { L725: return new Intl.DateTimeFormat().resolvedOptions().timeZone; L726: } ... L1655: for (let i = 0; i < str.length; i++) { L1656: const code = str.charCodeAt(i); L1657: if (str[i].search(numberingSystems.hanidec) !== -1) { ... L3063: /** L3064: * @private L3065: */ ... L3152: * @param {string} [opts.matrix=Object] - the preset conversion system to use L3153: * @see https://en.wikipedia.org/wiki/ISO_8601#Durations L3154: * @example Duration.fromISO('P3Y6M1W4DT12H30M5S').toObject() //=> { years: 3, months: 6, weeks: 1, days: 4, hours: 12, minutes: 30, seconds: 5 }
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/plugin/supertask.jsView on unpkg · L724
dist/daemon/pm2-supervisor.jsView file
matchType = previous_version_dangerous_delta matchedPackage = opencode-supertask@0.1.24 matchedIdentity = npm:b3BlbmNvZGUtc3VwZXJ0YXNr:0.1.24 similarity = 0.800 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/daemon/pm2-supervisor.jsView on unpkg

Findings

3 Critical4 High5 Medium4 Low
CriticalCredential Exfiltrationdist/cli/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/cli/index.js
CriticalPrevious Version Dangerous Deltadist/daemon/pm2-supervisor.js
HighChild Processdist/web/index.js
HighShelldist/cli/index.js
HighCross File Remote Execution Contextdist/plugin/supertask.js
HighRuntime Package Installdist/cli/index.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/web/index.js
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings