AI Security Review
scanned 23h ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. Risky primitives are user-invoked security CLI behavior: scanning local files, optional remote backend submission, optional Anthropic AI calls, and explicit hook/report/config writes.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs omniguard commands such as login, scan, fix, explain, reports, install-hooks, tui, or nexus mcp.
Impact
May transmit scanned code or prompts to configured OmniGuard/Anthropic services and write local CLI config or explicit git hook/report files.
Mechanism
package-aligned security scanner and management CLI
Rationale
Static inspection found no lifecycle execution, stealth persistence, destructive behavior, credential exfiltration to attacker infrastructure, or unconsented AI-agent control-surface mutation. The suspicious scanner hints correspond to expected security-scanner rules, explicit user commands, and package-aligned network/config behavior.
Evidence
package.jsonsrc/index.jssrc/api.jssrc/tui.jssrc/mcp-server.jssrc/test-ai.js~/.omniguard/config.json~/.omniguard/daemon.log.git/hooks/pre-commitomniguard-ciso-report.md.envomniguard/.env../.env
Network endpoints3
krnpfunshzycavskrtod.supabase.coapi.anthropic.comomniguard.io/device
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
- src/test-ai.js can read ./ .env ANTHROPIC_API_KEY and call api.anthropic.com, but only when that helper is directly run.
- src/index.js fix/explain can read ANTHROPIC_API_KEY from .env locations and call Anthropic on explicit user command.
- src/index.js scan sends file path/content to configured backend when authenticated.
- src/index.js install-hooks explicitly writes .git/hooks/pre-commit on user command.
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks.
- bin entry is src/index.js; unauthenticated default path opens TUI or requires login, no install-time execution.
- Network calls are to package-aligned OmniGuard Supabase backend or Anthropic API for user-invoked AI features.
- Credential handling stores OmniGuard API key in ~/.omniguard/config.json encrypted; no attacker endpoint found.
- Scanner secret regex findings are rule definitions, not embedded live secrets.
- MCP server is static stdio tooling and does not write AI-agent configuration on install.
Behavioral surface
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
7 flagged · loading sourcesrc/index.jsView file
308patternName = supabase_service_key
severity = critical
line = 308
matchedText = const an...BVE'
Critical
308patternName = supabase_service_key
severity = critical
line = 308
matchedText = const an...BVE'
Critical
398patternName = supabase_service_key
severity = critical
line = 398
matchedText = anonKey ...BVE'
Critical
405patternName = supabase_service_key
severity = critical
line = 405
matchedText = anonKey ...BVE'
Critical
692patternName = aws_access_key
severity = critical
line = 692
matchedText = const aw...LE';
Critical
83{ id: 'SAST-CRYPTO-001', name: 'Weak Hash MD5', re: /createHash\s*\(\s*["']md5["']/gi, sev: 'high' },
L84: { id: 'SAST-EVAL-001', name: 'eval() Usage', re: /\beval\s*\(/g, sev: 'high' },
L85: { id: 'SAST-PATH-001', name: 'Path Traversal', re: /\.\.\/|path\.join\([^)]*req\.|path\.join\([^)]*params\./gi, sev: 'high' }
Low
Eval
Package source references a known benign dynamic code generation pattern.
src/index.jsView on unpkg · L836const path = require('path')
L7: const http = require('http')
L8: const https = require('https')
L9: const readline = require('readline')
L10: const { execSync, spawn } = require('child_process')
L11:
...
L15: const VERSION = '1.1.1'
L16: const LOG_FILE = path.join(os.homedir(), '.omniguard', 'daemon.log')
L17:
...
L29: return new Promise(resolve => {
L30: const rl = readline.createInterface({ input: process.stdin, output: process.stdout })
L31: if (!hidden) return rl.question(question, answer => { rl.close(); resolve(answer) })
Low
Findings
5 Critical2 Medium6 Low
CriticalCritical Secretsrc/index.js
CriticalSecret Patternsrc/index.js
CriticalSecret Patternsrc/index.js
CriticalSecret Patternsrc/index.js
CriticalSecret Patternsrc/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowEvalsrc/index.js
LowWeak Cryptosrc/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings