
cami-design@0.2.5

Camille Pawlak's Claude Code design skill — layout, interaction, copy, and engineer modes for building, reviewing, and shipping interfaces with intent.

OSV Malicious Advisory

scanned 5d ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-4504 confirms this npm version as malicious.

Advisory
MAL-2026-4504
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in cami-design (npm)
Details
On install, scripts/install.js invokes autoUpdate.install(), which writes a launchd agent to ~/Library/LaunchAgents/co.themobilefirst.cami-design.update.plist (scripts/auto-update.js) that runs `npm install -g cami-design@latest --silent` every 24 hours and is loaded immediately via `launchctl load`. The persisted agent fetches whatever version of the package is published as @latest at any future moment, with global install scope and no integrity verification. This establishes a long-lived remote code execution channel: any subsequent malicious publish (including via a compromised npm account) will be silently auto-installed system-wide on every machine that ever installed this version. The persistence is opt-out-only (an environment variable disables it) with no prompt at install time. A separate postinstall behavior symlinks bundled directories into ~/.claude/skills/ with .bak backups; this is the advertised function and not the basis for the block, but it also mutates a user-owned config directory silently.
Decision reason
OSV/OpenSSF advisory MAL-2026-4504 confirms cami-design@0.2.5 as a malicious package: "Malicious code in cami-design (npm)".

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

1 High
High: OSV Malicious Advisory