AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The npm postinstall automatically prepares a Codex plugin, modifies user-level agent configuration through `frontal start`, and starts a detached gateway. This occurs without an explicit lifecycle command from the user in noninteractive installs.
Decision evidence
public snapshot- package.json runs postinstall.
- Postinstall defaults noninteractive installs to Codex/Claude.
- Postinstall runs `codex-plugin install` then `frontal start`.
- `frontal start` enables Codex adapter and writes config.
- Plugin installer stages a personal marketplace under Codex home.
- Gateway persists a detached local service process.
- Hook trust activation is separately prompted or requires explicit `--yes`.
- No credential harvesting or covert remote payload loader found.
Source & flagged code
13 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
lib/frontal-gateway/dist/server-cli.jsView on unpkg · L689Package source references weak cryptographic algorithms.
lib/frontal-gateway/dist/ui-observer-store.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/frontal-codex-adapter/hooks/ensure-backend.mjsView on unpkg · L1Install-time source drops package-supplied AI-agent/MCP control files or instructions.
bin/frontal-codex-plugin-postinstall.mjsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
lib/frontal-codex-adapter/skills/repo-memory-updater/scripts/detect_updates.pyView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/frontal-adapter-common/src/cli-smoke.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/frontal-claude-marketplace/plugins/frontal-claude-adapter/frontal-adapter-common/src/cli-smoke.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/frontal-gateway/dist/child-action-worker.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/frontal-gateway/dist/codex-smoke.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/frontal-gateway/dist/runtime-client.jsView on unpkg