oma-design
Warn
Audited by Socket on Jun 13, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
SUSPICIOUS: the core design-doc purpose is mostly coherent, but the optional getdesign path introduces medium supply-chain and trust-boundary risk through unpinned `bunx ...@latest` execution of a third-party package. No clear credential harvesting, secret-file access, stealth behavior, or confirmed malicious data exfiltration is present, so this is better classified as vulnerable/suspicious rather than malicious.
Confidence: 100%
Severity: 60%
Audit Metadata