AI Security Review
scanned 9h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is a CLI that can install and refresh package-owned AI-agent skills and publish project files after user commands. This is an agent extension lifecycle risk, but source inspection did not confirm malicious exfiltration or install-time hijacking.
Decision evidence
public snapshot- package.json bin exposes genex -> dist/index.js; no lifecycle hooks.
- dist/index.js writes Genex templates into detected ~/.claude, ~/.codex/skills, ~/.cursor/skills on `genex init`.
- dist/index.js auto-refreshes existing genex-* skills on non-init CLI commands via syncSkills().
- dist/index.js reads/stores GENEX_TOKEN in ~/.genex/env and sends Bearer auth to Genex API endpoints.
- dist/index.js preview/publish can build, collect project files, upload assets, and git push source to server-provided pushUrl.
- No preinstall/install/postinstall hook or import-time execution from package.json.
- Agent writes are package-owned genex templates and user-invoked CLI behavior, documented in README.md.
- Deploy collection excludes node_modules, .git, .genex, dist, .env, and .env.* except .env.example.
- Network endpoints are Genex/npm aligned: demo-api.glotech.world, demo-web.glotech.world, registry.npmjs.org, server-returned upload/push/avatar URLs.
- No credential harvesting beyond GENEX_TOKEN auth flow; no broad filesystem scanning for secrets found.
- No eval/vm/Function or remote code payload execution found.
Source & flagged code
4 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L10A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L10This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.jsView on unpkg