registry  /  @castlemilk/omega  /  0.6.0

@castlemilk/omega@0.6.0

Omega Harness CLI - installable via npx

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established by the inspected package source. The package is a CLI/web harness that talks to local services and has explicit user-invoked agent/skill features.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs harness/omega-harness commands such as ui, task, agent, or skill generate.
Impact
No unconsented install-time/import-time execution or exfiltration identified.
Mechanism
local harness orchestration with optional user-invoked agent task creation
Rationale
Scanner hits map to package-aligned local server, CLI, and explicit agent/skill functionality rather than hidden install-time behavior or exfiltration. The agent capability is user-invoked and partly unresolved because @omega/agent source is not packaged, so it does not support a malicious block for this package source.
Evidence
package.jsondist/cli.jsdist/server/src/lib/run-task.tsdist/server/src/routes/tasks.tsdist/server/src/grpc.tsdist/server/dist/lib/run-task.jsdist/cli.js writes generated skill adapter files only when skill generate is invoked
Network endpoints3
localhost:4000localhost:500510.0.0.0:50051

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/cli.js exposes user-invoked agent commands that create/run harness tasks tagged agent/self-improve.
  • dist/server/src/lib/run-task.ts delegates agent-tagged tasks to @omega/agent, but that package source is not included here.
Evidence against
  • package.json has only prepublishOnly; no install/postinstall/prepare runtime hook for consumers.
  • dist/cli.js network defaults are localhost HTTP/gRPC endpoints, with user-configurable HARNESS_API_URL/HARNESS_GRPC_TARGET.
  • dist/cli.js child_process spawn is in the ui command to start the bundled local server or dev server.
  • dist/cli.js file writes occur only in the explicit skill generate command to create adapter files.
  • No credential harvesting, home-directory scanning, persistence, destructive behavior, or external exfiltration endpoints found.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 38 file(s), 560 KB of source, external domains: reactjs.org, www.w3.org

Source & flagged code

4 flagged · loading source
dist/cli.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @castlemilk/omega@0.1.9 matchedIdentity = npm:QGNhc3RsZW1pbGsvb21lZ2E:0.1.9 similarity = 0.556 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/cli.jsView on unpkg
428import { Command as Command4 } from "commander"; L429: import { spawn } from "child_process"; L430: import { existsSync as existsSync2 } from "fs";
High
Child Process

Package source references child process execution.

dist/cli.jsView on unpkg · L428
537stdio: "inherit", L538: shell: true, L539: env
High
Shell

Package source references shell execution.

dist/cli.jsView on unpkg · L537
527const grpcPort = await findAvailablePort(DEFAULT_GRPC_PORT, MAX_GRPC_PORT); L528: apiUrl = `http://localhost:${port.toString()}`; L529: process.env.HARNESS_API_URL = apiUrl; L530: const env = { ... L535: }; L536: server = startBundledServer(env) ?? spawn("pnpm", ["--filter", "@omega/server", "dev"], { L537: stdio: "inherit",
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/cli.jsView on unpkg · L527

Findings

1 Critical3 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/cli.js
HighChild Processdist/cli.js
HighShelldist/cli.js
HighSame File Env Network Executiondist/cli.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings