AI Security Review
scanned 23h ago · by lpm-firewall-ai
LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface is established. The package exposes user-invoked helpers for OMP plugin installation, agent template generation, and package-aligned update checks.
Static reason
One or more suspicious static signals were detected.
Trigger
Explicit caller invocation of installExtension, updateCli, updateExtension, init, or refresh APIs
Impact
May modify .omp/oh-my-roadmap state or install package-aligned @oh-my-roadmap packages when invoked by a caller; no automatic lifecycle execution found.
Mechanism
package-owned OMP plugin/agent setup and npm registry update checks
Rationale
Static inspection shows agent/plugin control-surface writes, child processes, and network calls are OMP/oh-my-roadmap aligned and only occur through exported user-invoked functions, with no npm lifecycle hook or import-time behavior. This fits a guarded first-party agent-extension lifecycle risk rather than malware or unconsented AI-agent control hijack.
Evidence
- package.json
- src/cli/install.ts
- src/cli/update.ts
- src/project-init.ts
- src/omp-paths.ts
- src/files.ts
- <cwd>/.omp/plugins/package.json
- <cwd>/.omp/plugins/node_modules
- ~/.omp/plugins/package.json
- ~/.omp/plugins/node_modules
- <cwd>/.omp/agents/*.md
- ~/.omp/agent/agents/*.md
- ~/.omp/oh-my-roadmap/update-check.json
Network endpoints (1)
registry.npmjs.org/${packageName}/latest
Decision evidence
public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- src/cli/install.ts writes @oh-my-roadmap/plugin dependency into OMP plugin roots and runs bun/npm install when installExtension is invoked.
- src/project-init.ts can generate OMP agent definition markdown under project/global .omp locations when user calls init/refresh APIs.
- src/cli/update.ts can fetch npm registry latest metadata and run npm install -g for @oh-my-roadmap/cli when updateCli is invoked.
Evidence against
- package.json has no npm lifecycle scripts, bin, or automatic install-time entrypoint.
- Agent/plugin writes are scoped to OMP-owned .omp paths and require exported CLI/API functions, not package import or npm install.
- Network endpoint is limited to npm registry version lookup for package-aligned update checks.
- No credential harvesting, broad filesystem search, exfiltration endpoint, eval/vm/Function, native binary loading, or persistence hooks found.
Behavioral surface
ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell, UrlStrings
Source & flagged code
2 flagged
src/cli/install.ts
L1: import {spawn} from 'node:child_process'
L2: import * as fs from 'node:fs/promises'
High
src/cli/update.ts
L94:
L95: // The CLI self-update: `npm install -g @oh-my-roadmap/cli@<version>`. Injected in tests.
L96: export type CliUpdateRunner = (version: string) => Promise<void>;
...
L99: new Promise((resolve, reject) => {
L100: const child = spawn('npm', ['install', '-g', `${CLI_PACKAGE}@${version}`], {stdio: 'inherit'})
L101: child.on('error', reject)
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/cli/update.ts · L94
Findings
3 High · 2 Medium · 2 Low
- High: Child Process (src/cli/install.ts)
- High: Shell
- High: Runtime Package Install (src/cli/update.ts)
- Medium: Network
- Medium: Environment Vars
- Low: Filesystem
- Low: Url Strings