omu
Fail
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill performs confirmed remote code execution from an unverified source.
- Evidence: 'scripts/install.sh' downloads 'https://plannotator.ai/install.sh' and pipes it directly to the bash interpreter.
- [REMOTE_CODE_EXECUTION]: Use of dynamic execution tools for remote third-party packages.
- Evidence: 'scripts/install.sh' executes 'oh-my-opencode' and 'oh-my-ag' via npx and bunx without source verification or integrity checks.
- [EXTERNAL_DOWNLOADS]: Installation of unverified third-party software and plugins.
- Evidence: 'scripts/install.sh' installs global npm packages including 'agent-browser' and 'playwriter' from public registries.
- Evidence: 'scripts/setup-claude.sh' installs a plugin from the third-party GitHub repository 'Yeachan-Heo/oh-my-claudecode'.
- [COMMAND_EXECUTION]: Persistent modification of sensitive system-wide AI tool configurations.
- Evidence: 'scripts/setup-claude.sh', 'scripts/setup-codex.sh', and 'scripts/setup-gemini.sh' modify settings files in the user's home directory (e.g., '~/.claude/settings.json') to install execution hooks.
- Evidence: The skill writes new executable scripts to the host system at '
/.codex/hooks/omu-notify.py' and '/.gemini/hooks/omu-plannotator.sh' and configures agents to trigger them automatically.
Recommendations
- HIGH: Downloads and executes remote code from: https://plannotator.ai/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata