AI Security Review
scanned 3h ago · by lpm-firewall-aiNo malicious install-time behavior was found, but the user-started local server exposes configured provider records including API keys through a CORS-enabled endpoint. This is a real local credential exposure risk rather than confirmed malware.
Decision evidence
public snapshot- dist/server.js uses app.use(cors()) with no origin restriction.
- dist/server.js GET /providers returns providerConfigs, which can include apiKey from POST /providers or process.env.KIMI_API_KEY.
- dist/cli.js ui command can spawn bundled dist/server.js and open the local web UI.
- dist/cli.js skill generate writes generated adapter files to OMEGA_HARNESS_ROOT or inferred packages/skills/src.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- dist/cli.js child_process use is user-invoked for starting the bundled/local harness server, not install-time execution.
- Network endpoints are package-aligned local harness and configured LLM provider APIs.
- No evidence of credential harvesting from files, stealth persistence, destructive behavior, or remote payload loading.
Source & flagged code
4 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L77This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkg