registry  /  @ashish-tradex/kortex  /  0.7.0

@ashish-tradex/kortex@0.7.0

A system of ReAct agents — each reasons and acts (tool use) to complete a task, coordinated by a router. Same hosted-gateway family as wryt/nexel.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

On user invocation, the CLI can reuse an API key from another product's `~/.nexel/config.json` and transmit it to a gateway. User prompts and retained session content are also sent to that gateway for agent execution.

Static reason
No blocking static signals were detected.
Trigger
User runs `kortex` after supplying a valid access key.
Impact
A foreign API credential and user-supplied task/history data may be disclosed to the configured gateway.
Mechanism
Foreign credential fallback and remote agent-gateway requests.
Rationale
The package is not malicious by install-time behavior, but its undocumented foreign-config credential fallback creates a concrete user-invoked credential disclosure path. Flag for warning rather than block.
Evidence
package.jsondist/config.jsdist/gateway.jsdist/react.jsdist/tools.jsdist/memory.js~/.nexel/config.json~/.kortex/config.json~/.kortex/access-key~/.kortex/session.json
Network endpoints1
mymindbase.ai/api/cli-agent/v1

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/config.js` reads foreign `~/.nexel/config.json` as an API-key fallback.
  • `dist/gateway.js` sends the selected API key as a Bearer token to `cfg.baseUrl`.
  • `dist/react.js` forwards user tasks and persisted history to the hosted gateway.
  • `dist/tools.js` lets the remote model invoke web research requests through the gateway.
Evidence against
  • `package.json` has only `prepublishOnly`; no install lifecycle hook.
  • No child-process, shell, eval, VM, or native binary execution found.
  • Writes are limited to user-invoked `~/.kortex` config/history/access-key and explicit document export.
  • No source evidence of stealth persistence, deletion, or install-time mutation.
Behavioral surface
Source
EnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 29 file(s), 122 KB of source, external domains: mymindbase.ai

Source & flagged code

4 flagged · loading source
dist/config.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/config.js` reads foreign `~/.nexel/config.json` as an API-key fallback.

dist/config.jsView on unpkg
dist/gateway.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/gateway.js` sends the selected API key as a Bearer token to `cfg.baseUrl`.

dist/gateway.jsView on unpkg
dist/react.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/react.js` forwards user tasks and persisted history to the hosted gateway.

dist/react.jsView on unpkg
dist/tools.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/tools.js` lets the remote model invoke web research requests through the gateway.

dist/tools.jsView on unpkg

Findings

6 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/config.js
MediumAi Review Evidencedist/gateway.js
MediumAi Review Evidencedist/react.js
MediumAi Review Evidencedist/tools.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings