AI Security Review
scanned 1d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malware or credential exfiltration was found. The main residual risk is first-party agent workspace mutation by an explicit CLI setup/sync workflow.
Decision evidence
public snapshot- dist/index.js bin entry runs main() for user-invoked CLI commands.
- dist/index.js runInit copies bundled templates into detected ~/.claude, ~/.codex/skills, and ~/.cursor/skills agent workspaces.
- dist/index.js syncSkills auto-refreshes existing genex-* agent skills on non-init commands.
- dist/index.js stores GENEX_TOKEN in ~/.genex/env and uses it as Bearer auth to Genex APIs.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- Network endpoints are package-aligned defaults: demo-api.glotech.world, demo-web.glotech.world, demo-colyseus.glotech.world, registry.npmjs.org.
- dist/index.js excludes .env/.env.* and .genex when uploading/pushing project source.
- child_process use is user-command aligned: opening browser, npm build, git operations, and Windows icacls permission hardening.
- README.md documents agent template installation, auth token storage, and publish/upload behavior.
Source & flagged code
3 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L10A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L10