registry  /  oh-my-claude-sisyphus  /  4.15.4

oh-my-claude-sisyphus@4.15.4

⚠ Under review

Multi-agent orchestration system for Claude Code - Inspired by oh-my-opencode

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 22 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 630 file(s), 8.99 MB of source, external domains: 127.0.0.1, antigravity.google, api.bitbucket.org, api.github.com, api.telegram.org, build.grok.com, claude.ai, code.claude.com, dart.dev, discord.com, docs.anthropic.com, docs.cursor.com, docs.n8n.io, example.com, flutter.dev, github.com, img.shields.io, in-toto.io, json-schema.org, learn.microsoft.com, raw.githubusercontent.com, registry.npmjs.org, slack.com, slsa-framework.github.io, slsa.dev, spec.openapis.org, stackoverflow.com, swift.org, tools.ietf.org, www.safaribooksonline.com, www.w3.org
Oversized source lightweight scan
bridge/cli.cjs3.65 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsCryptoHighEntropyStringsUrlStringscode.claude.comgithub.comlearn.microsoft.com

Source & flagged code

14 flagged · loading source
dist/autoresearch/runtime.jsView file
1import { execFileSync, spawnSync } from 'child_process'; L2: import { existsSync } from 'fs';
High
Child Process

Package source references child process execution.

dist/autoresearch/runtime.jsView on unpkg · L1
367encoding: 'utf-8', L368: shell: true, L369: maxBuffer: 1024 * 1024,
High
Shell

Package source references shell execution.

dist/autoresearch/runtime.jsView on unpkg · L367
bridge/mcp-server.cjsView file
2955sourceCode = this.opts.code.process(sourceCode, sch); L2956: const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode); L2957: const validate = makeValidate(this, this.scope.get());
Low
Eval

Package source references a known benign dynamic code generation pattern.

bridge/mcp-server.cjsView on unpkg · L2955
dist/tools/ast-tools.jsView file
18// L19: // IMPORTANT: Uses createRequire() (CJS resolution) instead of dynamic import() (ESM resolution) L20: // because ESM resolution does NOT respect NODE_PATH or Module._initPaths().
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/tools/ast-tools.jsView on unpkg · L18
dist/openclaw/dedupe.jsView file
54try { L55: const parsed = JSON.parse(readFileSync(statePath, "utf-8")); L56: return {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/openclaw/dedupe.jsView on unpkg · L54
dist/team/tmux-session.jsView file
9import { createHash } from 'crypto'; L10: import { execFile } from 'child_process'; L11: import { promisify } from 'util'; ... L20: const TMUX_SESSION_PREFIX = 'omc-team'; L21: export function detectTeamMultiplexerContext(env = process.env) { L22: if (env.TMUX) ... L29: * True when running on Windows under MSYS2/Git Bash. L30: * Tmux panes run bash in this environment, not cmd.exe. L31: */ L32: export function isUnixLikeOnWindows() { L33: return process.platform === 'win32' && L34: !!(process.env.MSYSTEM || process.env.MINGW_PREFIX);
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/team/tmux-session.jsView on unpkg · L9
dist/tools/lsp/servers.jsView file
6*/ L7: import { spawnSync } from 'child_process'; L8: import { existsSync, readFileSync } from 'fs'; ... L20: const workspaceRoot = dirname(packageNodeModules); L21: const executable = process.platform === 'win32' ? 'tsc.cmd' : 'tsc'; L22: return join(workspaceRoot, 'node_modules', '.bin', executable); ... L26: while (true) { L27: const packageJsonPath = join(dir, 'node_modules', 'typescript', 'package.json'); L28: if (existsSync(packageJsonPath)) { ... L39: try { L40: const packageJson = JSON.parse(readFileSync(join(packageRoot, 'package.json'), 'utf8')); L41: if (typeof packageJson.version !== 'string') {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/tools/lsp/servers.jsView on unpkg · L6
bridge/runtime-cli.cjsView file
34function tmuxEnv() { L35: const { TMUX: _, PSMUX_SESSION: __, ...env } = process.env; L36: return env; ... L41: function isUnixLikeOnWindows() { L42: return process.platform === "win32" && !!(process.env.MSYSTEM || process.env.MINGW_PREFIX); L43: } ... L54: if (process.platform === "win32" && /\.(cmd|bat)$/i.test(resolvedBinary)) { L55: const comspec = process.env.COMSPEC || "cmd.exe"; L56: const commandLine = [quoteForCmd(resolvedBinary), ...args.map(quoteForCmd)].join(" "); ... L111: if (result.status !== 0) return "tmux"; L112: const candidates = result.stdout?.split(/\r?\n/).map((line) => line.trim()).filter(Boolean) ?? []; L113: const first = candidates[0];
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

bridge/runtime-cli.cjsView on unpkg · L34
dist/features/auto-update.jsView file
41if (process.platform === 'win32') { L42: execSync(`npm install -g ${packageSpec}`, npmExecOptions(verbose)); L43: return;
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/features/auto-update.jsView on unpkg · L41
bridge/run-mcp-server.shView file
path = bridge/run-mcp-server.sh kind = build_helper sizeBytes = 445 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

bridge/run-mcp-server.shView on unpkg
skills/project-session-manager/tests/test-psm-prompt-injection.shView file
path = skills/project-session-manager/tests/test-psm-prompt-injection.sh kind = payload_in_excluded_dir sizeBytes = 12189 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

skills/project-session-manager/tests/test-psm-prompt-injection.shView on unpkg
bridge/cli.cjsView file
path = bridge/cli.cjs kind = oversized_source_file sizeBytes = 3827387 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

bridge/cli.cjsView on unpkg
path = bridge/cli.cjs kind = oversized_cli_entrypoint sizeBytes = 3827387 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

bridge/cli.cjsView on unpkg
dist/hooks/skill-bridge.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = oh-my-claude-sisyphus@4.15.2 matchedIdentity = npm:b2gtbXktY2xhdWRlLXNpc3lwaHVz:4.15.2 similarity = 0.783 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/hooks/skill-bridge.cjsView on unpkg

Findings

1 Critical7 High7 Medium7 Low
CriticalPrevious Version Dangerous Deltadist/hooks/skill-bridge.cjs
HighChild Processdist/autoresearch/runtime.js
HighShelldist/autoresearch/runtime.js
HighSandbox Evasion Gated Capabilitydist/tools/lsp/servers.js
HighCloud Metadata Accessbridge/runtime-cli.cjs
HighRuntime Package Installdist/features/auto-update.js
HighPayload In Excluded Dirskills/project-session-manager/tests/test-psm-prompt-injection.sh
HighOversized Source Filebridge/cli.cjs
MediumDynamic Requiredist/tools/ast-tools.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/team/tmux-session.js
MediumShips Build Helperbridge/run-mcp-server.sh
MediumOversized Cli Entrypointbridge/cli.cjs
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalbridge/mcp-server.cjs
LowWeak Cryptodist/openclaw/dedupe.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings