AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malware or unconsented install-time attack was found. The main risk is explicit CLI setup and refresh of package-owned AI agent skills/templates plus authenticated Genex deploy/publish operations.
Decision evidence
public snapshot- dist/index.js:53-68 targets ~/.claude, ~/.codex/skills, ~/.cursor/skills
- dist/index.js:94-116 copies package templates into agent workspaces
- dist/index.js:149-187 auto-refreshes existing genex-* skills on non-init CLI commands
- dist/index.js:973-986 init writes GENEX_TOKEN to ~/.genex/env
- dist/index.js:1266-1315 uploads build files to Genex/R2 with bearer tokens
- dist/index.js:1338-1388 pushes project source to a returned git push URL
- package.json has no preinstall/install/postinstall lifecycle hooks
- Agent workspace mutation is via explicit genex commands and package-owned genex-* templates
- dist/index.js:328-447 loopback auth validates random state before accepting token
- dist/index.js:1170-1172 and 1360-1361 exclude .env/.env.* and .genex from deploy/source push
- Network endpoints are documented Genex/npm services or user-overridable CLI options
- No credential harvesting beyond GENEX_TOKEN lookup for authenticated Genex API calls
Source & flagged code
3 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L10A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L10