OSV Malicious Advisory
scanned 5d ago · by OpenSSF/OSV
OpenSSF/OSV advisory MAL-2026-4504 confirms this npm version as malicious.
Advisory: MAL-2026-4504
Source: OpenSSF Malicious Packages via OSV
Summary: Malicious code in cami-design (npm)
Details:
On install, scripts/install.js invokes autoUpdate.install(), which writes a launchd agent to ~/Library/LaunchAgents/co.themobilefirst.cami-design.update.plist (scripts/auto-update.js) that runs `npm install -g cami-design@latest --silent` every 24 hours and is loaded immediately via `launchctl load`. The persisted agent fetches whatever version of the package is published as @latest at any future moment, with global install scope and no integrity verification. This establishes a long-lived remote code execution channel: any subsequent malicious publish (including via a compromised npm account) will be silently auto-installed system-wide on every machine that ever installed this version. The persistence is opt-out-only (an environment variable disables it) with no prompt at install time. A separate postinstall behavior symlinks bundled directories into ~/.claude/skills/ with .bak backups; this is the advertised function and not the basis for the block, but it also mutates a user-owned config directory silently.
Decision reason: OSV/OpenSSF confirms cami-design@0.2.5 as malicious package MAL-2026-4504. Malicious code in cami-design (npm)
References
Source & flagged code
0 flagged: No flagged code excerpts are attached to this scan.
Findings
1 High
High: OSV Malicious Advisory