registry  /  @castlemilk/omega  /  0.6.1

@castlemilk/omega@0.6.1

Omega Harness CLI - installable via npx

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is an Omega Harness CLI/server bundle with local web UI, local API/gRPC, provider configuration, and user-invoked skill generation.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs harness/omega-harness commands such as ui, task run, agent run, or skill generate
Impact
Package-aligned local server/task management; no source-grounded unconsented compromise identified
Mechanism
local harness CLI, localhost API calls, optional provider API calls, user-invoked file generation
Rationale
Static inspection shows risky primitives are tied to explicit CLI/server features: starting a local harness server, localhost polling, configured provider calls, and user-invoked skill adapter generation. I found no install-time execution, credential harvesting, external exfiltration, persistence, destructive behavior, or unconsented AI-agent control-surface mutation.
Evidence
package.jsondist/cli.jsdist/server/src/lib/run-task.tsdist/server/src/routes/tasks.tsdist/server/src/routes/providers.tsdist/server/package.jsondist/server/dist/index.jspackages/skills/src/generated/<ClassName>.tspackages/skills/src/generated/index.tsharness-skills/generated/<ClassName>.tsharness-skills/generated/index.ts
Network endpoints3
localhost:4000localhost:50051localhost:<PORT>

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/cli.js has user-invoked child_process spawn for bundled server or pnpm dev fallback in ui command
  • dist/cli.js skill generate writes adapter files under OMEGA_HARNESS_ROOT or harness-skills
  • dist/server routes can store provider apiKey and send prompts to configured providers when tasks are run
Evidence against
  • package.json has only prepublishOnly build hook, no install/import-time lifecycle execution
  • dist/cli.js network calls target localhost API/gRPC by default or user-supplied --api/HARNESS_* values
  • spawned server path is package-local dist/server/dist/index.js or development pnpm fallback, triggered by harness ui
  • No credential harvesting, external exfiltration endpoint, destructive install behavior, or persistence found
  • Agent execution is user-triggered via task tags/routes and @omega/agent bundled package appears missing dist implementation
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 38 file(s), 560 KB of source, external domains: reactjs.org, www.w3.org

Source & flagged code

4 flagged · loading source
dist/cli.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @castlemilk/omega@0.1.9 matchedIdentity = npm:QGNhc3RsZW1pbGsvb21lZ2E:0.1.9 similarity = 0.556 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/cli.jsView on unpkg
428import { Command as Command4 } from "commander"; L429: import { spawn } from "child_process"; L430: import { existsSync as existsSync2 } from "fs";
High
Child Process

Package source references child process execution.

dist/cli.jsView on unpkg · L428
537stdio: "inherit", L538: shell: true, L539: env
High
Shell

Package source references shell execution.

dist/cli.jsView on unpkg · L537
527const grpcPort = await findAvailablePort(DEFAULT_GRPC_PORT, MAX_GRPC_PORT); L528: apiUrl = `http://localhost:${port.toString()}`; L529: process.env.HARNESS_API_URL = apiUrl; L530: const env = { ... L535: }; L536: server = startBundledServer(env) ?? spawn("pnpm", ["--filter", "@omega/server", "dev"], { L537: stdio: "inherit",
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/cli.jsView on unpkg · L527

Findings

1 Critical3 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/cli.js
HighChild Processdist/cli.js
HighShelldist/cli.js
HighSame File Env Network Executiondist/cli.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings