AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/codex-app-patch.js provides explicit patch-codex-app command that rewrites Codex.app app.asar and injects codex://plush/followup handling into Codex startup.
- dist/codex-stop-hook.js can deliver Plush followup text to Codex IPC method thread-follower-start-turn when PLUSH_CODEX_FOLLOWUP_SYNC=1.
- dist/claude-code-install.js explicitly mutates ~/.claude/settings.json to add a Plush Stop hook.
- package.json has no preinstall/install/postinstall lifecycle scripts.
- Agent/Codex/Claude integrations are activated by documented CLI commands or hook invocation, not import-time or install-time execution.
- Network client is package-aligned: PlushClient defaults to https://api.easypush.app and uses bearer token only for Plush API requests.
- Hook code reads stdin hook payloads and saved Plush credentials; no broad credential harvesting or arbitrary exfiltration found.
- Child process use is for spawning this package's CLI watcher and user-invoked npx asar/codesign during Codex patching.
Source & flagged code
3 flagged · loading sourcePackage source references child process execution.
dist/codex-stop-hook.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/codex-stop-hook.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/templates.jsView on unpkg · L9