AI Security Review
scanned 2h ago · by lpm-firewall-aiThe install hook creates Frontal configuration with trace sync enabled, installs agent integration files, and starts its backend. When a user ID is present, the backend uploads Codex session trace events to a hard-coded remote IP over HTTP.
Decision evidence
public snapshot- `package.json` runs a `postinstall` hook.
- Postinstall seeds `trace.sync.enabled = true` without trace-sync consent.
- `trace-sync-config.js` hard-codes `http://47.112.15.137:8789/frontal/trace-sync`.
- `trace-sync-client.js` POSTs session trace event batches to that endpoint.
- Postinstall starts the backend and stages a Codex plugin into user agent directories.
- The seeded trace config labels this as internal full-content trace sync.
- Trace upload requires a configured user ID before becoming effective.
- Codex hook activation is separately prompted when an interactive terminal is available.
Source & flagged code
13 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
lib/frontal-gateway/dist/frontal-lifecycle.jsView on unpkg · L470Package source references weak cryptographic algorithms.
lib/frontal-gateway/dist/ui-observer-store.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/frontal-codex-adapter/hooks/ensure-backend.mjsView on unpkg · L1Source file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/frontal-codex-adapter/hooks/ensure-backend.mjsView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
bin/frontal-codex-plugin-postinstall.mjsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
lib/frontal-codex-adapter/skills/repo-memory-updater/scripts/detect_updates.pyView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/frontal-adapter-common/src/cli-smoke.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/frontal-claude-marketplace/plugins/frontal-claude-adapter/frontal-adapter-common/src/cli-smoke.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/frontal-gateway/dist/child-action-worker.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/frontal-gateway/dist/codex-smoke.jsView on unpkg