AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package performs broad AI-agent setup from npm postinstall. In noninteractive installs it can register/start Frontal and mutate Codex and Claude control/config surfaces without a separate explicit user command.
Decision evidence
public snapshot- package.json defines postinstall: node ./bin/frontal-codex-plugin-postinstall.mjs
- postinstall auto-selects available Codex/Claude clients when noninteractive and runs frontal start
- frontal start enables Codex and Claude adapters by default unless --no-* flags are supplied
- enableCodexAdapter writes Codex config.toml, Frontal state, recovery snapshots, and bundled skill links
- enableClaudeAdapter writes Claude settings.json, Frontal state, and bundled skill links
- postinstall can start a persistent local gateway service and configure remote Memorax endpoint
- Prompt paths exist for interactive installs and skip env vars are supported
- Official Codex/Claude login detection can avoid provider takeover in some cases
- Observed network endpoints are product-aligned gateway/memory/provider URLs, not covert exfil endpoints
- No obfuscated payload, eval/vm loader, or dependency-confusion pattern found in inspected files
Source & flagged code
9 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
lib/frontal-gateway/dist/server-cli.jsView on unpkg · L654Package source references weak cryptographic algorithms.
lib/frontal-gateway/dist/ui-observer-store.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/frontal-codex-adapter/hooks/ensure-backend.mjsView on unpkg · L1Install-time source drops package-supplied AI-agent/MCP control files or instructions.
bin/frontal-codex-plugin-postinstall.mjsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/frontal-codex-plugin-postinstall.mjsView on unpkgPackage ships non-JavaScript build or shell helper files.
lib/frontal-codex-adapter/skills/repo-memory-updater/scripts/detect_updates.pyView on unpkg