AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `src/codex-config.ts` explicitly writes `~/.codex/config.toml`, adding a gateway and optional trusted project.
- `src/app-server.ts` spawns local/remote Codex sessions and auto-approves command and file-change requests.
- `src/app-server.ts` defaults turns to `dangerFullAccess`.
- `src/ssh.ts` and `src/rotate.ts` expose SSH command execution and remote Codex config rewriting.
- `src/github.ts`, `src/linear.ts`, and `src/notion.ts` send host-held tokens to agent-directed API requests.
- `package.json` has no preinstall, install, postinstall, prepare, or bin hook.
- `src/index.ts` only exports functions; importing it does not invoke setup, network, or subprocess actions.
- Config and process mutations require explicit exported-function/session calls.
- No credential harvesting or exfiltration endpoint was found; `src/scrub-env.ts` removes secret-like variables from child environments.
- API destinations are named service endpoints rather than an undisclosed collector.
Source & flagged code
5 flagged · loading source`src/codex-config.ts` explicitly writes `~/.codex/config.toml`, adding a gateway and optional trusted project.
src/codex-config.tsView on unpkg`src/app-server.ts` spawns local/remote Codex sessions and auto-approves command and file-change requests.
src/app-server.tsView on unpkg`src/app-server.ts` defaults turns to `dangerFullAccess`.
src/app-server.tsView on unpkg`src/ssh.ts` and `src/rotate.ts` expose SSH command execution and remote Codex config rewriting.
src/ssh.tsView on unpkg`src/github.ts`, `src/linear.ts`, and `src/notion.ts` send host-held tokens to agent-directed API requests.
src/github.tsView on unpkg