AI Security Review
scanned 3d ago · by lpm-firewall-aiThe package ships a local AI agent harness with file-write, command execution, git, and publish capabilities. This is high-risk but user-invoked and package-aligned rather than confirmed malicious install/import behavior.
Decision evidence
public snapshot- dist/server/node_modules/@omega/agent/dist/tools.js exposes LLM-driven read_file/write_file/run_command on projectPath
- dist/server/node_modules/@omega/agent/dist/publisher.js can pnpm install/build/publish and git push when autoPublish is enabled
- dist/server/dist/grpc.js binds insecure gRPC on 0.0.0.0 and can auto_run submitted tasks
- dist/server/dist/routes/projects.js accepts arbitrary project paths via HTTP API
- package.json has only prepublishOnly; no install/postinstall runtime hook
- dist/cli.js child_process use starts bundled local server only from user-invoked ui command
- network defaults are localhost harness endpoints and configured provider APIs
- agent capability is explicit product functionality, not hidden import/install behavior
- no credential harvesting, persistence, destructive lifecycle action, or hardcoded exfiltration endpoint found
Source & flagged code
4 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version.
dist/cli.jsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L540