Back to plugin

Security audit

OMNI Semantic Signal Engine

Security checks across malware telemetry and agentic risk

Overview

This appears to be the OMNI shell-output filtering wrapper it claims to be, but it effectively gives the agent a shell-like command tool and has a few packaging/documentation inconsistencies.

Install this only if you intentionally want your agent to have an OMNI-mediated, shell-like command execution tool. The provided plugin code does not show hidden network endpoints or credential requests, but its local-only/privacy claims depend on the separate `omni` CLI you install, so verify that binary from its official source. Also note the small inconsistencies: the registry did not list the required `omni` binary, the package versions do not all match, and the advertised custom `omniPath` setting appears to be ignored by the code.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
index.ts:25
Evidence
execFile(bin, args, { shell: false, env: sanitizedEnv }, (error, stdout, stderr) => {