Omni

Security

Every extension is scanned.
No exceptions.

Our 4-layer antivirus pipeline analyzes every submission before it reaches you. Extensions run in isolated WASM sandboxes with capability-based permissions.

Pipeline

4-layer security pipeline

Each layer produces a score from 0-100. The weighted average determines the verdict. No single point of failure.

01

Signature Scanning

30%

Every WASM binary is checked against 79+ known malicious patterns. Our signature database covers command injection, data exfiltration, cryptomining payloads, reverse shells, and more. Patterns are compiled into a RegexSet for fast matching.

Detects
Known malware byte sequences
Command injection patterns
Data exfiltration URLs and encoding tricks
Cryptomining payloads and wallet addresses
Base64/Unicode obfuscation attempts

02

Heuristic Analysis

25%

Behavioral rules analyze whether an extension's permission requests make sense for its stated purpose. A weather tool requesting filesystem write access or a calculator asking for network permissions will be flagged.

Detects
Suspicious permission/category combinations
Excessive permissions relative to functionality
Missing or low-quality manifest metadata
Unusual WASM imports and memory patterns
Permission escalation attempts

03

AI Code Review

30%

Claude analyzes the extension's manifest, permission list, and embedded code patterns. The AI evaluates data exfiltration risk, checks whether behavior matches the description, and assesses whether permission requests are justified.

Detects
Hidden functionality not in manifest
Data exfiltration through covert channels
Behavior mismatching description
Unjustified permission requests
Social engineering in descriptions

04

Sandbox Testing

15%

The extension is executed in a fully isolated WASM runtime with synthetic inputs. We monitor memory usage, CPU time, attempted syscalls, and network call attempts. This catches runtime threats that static analysis might miss.

Detects
Infinite loops and excessive CPU usage
Memory allocation bombs
Attempted syscalls outside the sandbox
Network access to unexpected hosts
Sandbox escape techniques
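
The weighted verdict described in this section, as an added Rust sketch that is not Omni's code: the four weights are the page's percentages, while the score direction (100 = clean), the thresholds and the per-layer floor are assumptions. It shows how one failing layer is diluted by the average unless a floor is enforced.

```rust
// Added illustration, not Omni's code. Weights are the page's percentages;
// score direction, thresholds and the per-layer floor are assumptions.
#[derive(Debug, PartialEq)]
enum Verdict { Approve, ManualReview, Reject }

// Layer weights as listed on the page (30% + 25% + 30% + 15%).
const LAYERS: [(&str, f64); 4] =
    [("signature", 0.30), ("heuristic", 0.25), ("ai_review", 0.30), ("sandbox", 0.15)];

const APPROVE_AT: f64 = 80.0;  // assumed threshold
const REVIEW_AT: f64 = 50.0;   // assumed threshold
const LAYER_FLOOR: f64 = 20.0; // assumed: a layer below this blocks auto-approval

/// Weighted average of the four layer scores (assumed: 100 = clean, 0 = malicious).
fn weighted_score(scores: &[f64; 4]) -> Result<f64, String> {
    let mut total = 0.0;
    for (i, (name, weight)) in LAYERS.iter().enumerate() {
        let s = scores[i];
        if !(0.0..=100.0).contains(&s) {
            // Also rejects NaN, which fails every range comparison.
            return Err(format!("{} score {} is outside 0-100", name, s));
        }
        total += s * weight;
    }
    Ok(total)
}

/// Verdict from the average; with `enforce_floor`, one very low layer
/// downgrades an automatic approval to manual review.
fn verdict(scores: &[f64; 4], enforce_floor: bool) -> Result<Verdict, String> {
    let avg = weighted_score(scores)?;
    let banded = if avg >= APPROVE_AT {
        Verdict::Approve
    } else if avg >= REVIEW_AT {
        Verdict::ManualReview
    } else {
        Verdict::Reject
    };
    let worst = scores.iter().cloned().fold(f64::INFINITY, f64::min);
    if enforce_floor && worst < LAYER_FLOOR && banded == Verdict::Approve {
        return Ok(Verdict::ManualReview);
    }
    Ok(banded)
}

fn main() {
    // Constructed case: static layers score 100, the sandbox run scores 0.
    let scores = [100.0, 100.0, 100.0, 0.0];
    println!("average only: {:?}", verdict(&scores, false));
    println!("with floor:   {:?}", verdict(&scores, true));
}
```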

Isolation

WASM Sandboxing

Every extension runs inside an isolated WebAssembly sandbox powered by Wasmtime. Extensions cannot access your system directly — they can only use host functions that you've explicitly granted through the permission system.

The sandbox enforces strict resource limits: maximum memory allocation, CPU time per tool call, and concurrent execution limits. If an extension exceeds its limits, it's terminated immediately without affecting other extensions or the Omni runtime.

Cannot access

Raw filesystem

Network sockets

System processes

Other extensions' data

Clipboard (without permission)

Environment variables

With permission

HTTP to allowed domains

Scoped file read/write

LLM inference via bridge

Channel messaging

Extension key-value store

Permissions

Capability-based permissions

Extensions declare what they need in their manifest. You review and approve permissions before installation. Every capability has a severity level.

Permission | Scope | Severity
HTTP Network Access | network.http | medium
WebSocket Access | network.websocket | medium
File System Read | filesystem.read | high
File System Write | filesystem.write | high
AI Inference | ai.inference | medium
Channel Messaging | channel.send | high
Web Scraping | browser.scrape | high
Clipboard Read | clipboard.read | medium
Clipboard Write | clipboard.write | low
Notifications | system.notifications | low
Task Scheduling | system.scheduling | low
Persistent Storage | storage.persistent | low
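
One way to implement the permission/category check from the Heuristic Analysis layer against the table above, as an added Rust example that is not Omni's code: scopes and severities are copied from the table, while the categories, their baseline scopes and the `filesystem.execute` scope name are constructed for illustration.

```rust
// Added illustration, not Omni's code. Scopes and severities are copied from
// the page's permission table; categories and their baselines are assumptions.
#[derive(Debug, Clone, Copy, PartialEq)]
enum Severity { Low, Medium, High }

const SCOPES: [(&str, Severity); 12] = [
    ("network.http", Severity::Medium), ("network.websocket", Severity::Medium),
    ("filesystem.read", Severity::High), ("filesystem.write", Severity::High),
    ("ai.inference", Severity::Medium), ("channel.send", Severity::High),
    ("browser.scrape", Severity::High), ("clipboard.read", Severity::Medium),
    ("clipboard.write", Severity::Low), ("system.notifications", Severity::Low),
    ("system.scheduling", Severity::Low), ("storage.persistent", Severity::Low),
];

// Assumed baselines: the scopes a category plausibly needs.
fn expected_for(category: &str) -> &'static [&'static str] {
    match category {
        "weather" => &["network.http", "system.notifications", "storage.persistent"],
        "calculator" => &["clipboard.write"],
        _ => &[], // unknown category: every requested scope is reported
    }
}

#[derive(Debug, PartialEq)]
enum Finding {
    UnknownScope(String),         // not in the permission table at all
    Unexpected(String, Severity), // valid scope, but outside the baseline
}

/// Flags requested scopes that do not fit the extension's stated category.
fn review(category: &str, requested: &[&str]) -> Vec<Finding> {
    let expected = expected_for(category);
    let mut findings = Vec::new();
    for scope in requested {
        match SCOPES.iter().find(|(name, _)| name == scope) {
            None => findings.push(Finding::UnknownScope(scope.to_string())),
            Some((_, sev)) if !expected.contains(scope) => {
                findings.push(Finding::Unexpected(scope.to_string(), *sev))
            }
            Some(_) => {}
        }
    }
    findings
}

fn main() {
    // Constructed manifest: a weather tool asking for file writes and a made-up scope.
    let requested = ["network.http", "filesystem.write", "filesystem.execute"];
    println!("{:?}", review("weather", &requested));
}
```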

Monitoring

Continuous monitoring

Security doesn't stop at initial publication. We continuously monitor the extension ecosystem to catch threats that emerge after initial review.

01

Weekly re-scans

All published extensions are periodically re-scanned against updated signature databases to catch newly discovered threats.

02

Updated signatures

Our signature database is regularly updated with new patterns discovered by the security community and our own research.

03

Publisher notifications

If a re-scan detects issues in a previously clean extension, the publisher is notified immediately and given time to address findings.

04

Community reporting

Users can report suspicious extensions through the marketplace. Reports trigger additional scans and human review.

Trust

Trust levels

Extensions are classified based on their publisher's track record and verification status.

Verified

Highest trust

Publisher identity verified. Source code reviewed. Manually audited by the Omni security team.

Community

Standard

Published by an established member with a positive track record. Passed automated scanning. Most extensions fall here.

Unverified

New

New publisher or extension without a track record. Passed automated scanning but not manually reviewed. Review permissions carefully.

Disclosure

Responsible disclosure

We take security vulnerabilities seriously. If you discover a security issue in the Omni platform, marketplace, or any published extension, please report it responsibly.

We acknowledge valid reports within 48 hours, provide regular status updates, and do not pursue legal action against researchers who act in good faith.

How to report

01

Email security@omniapp.org with a detailed description

02

Include steps to reproduce, affected versions, and impact

03

Allow 90 days to address the issue before public disclosure

04

Do not exploit beyond what is necessary for demonstration

Built for trust

Browse the marketplace with confidence. Every extension has been scanned, sandboxed, and permission-gated for your safety.

Security — WASM Sandboxing & AV Pipeline | Omni AI Agent Builder