registry  /  @genex-ai/cli-demo  /  0.37.0

@genex-ai/cli-demo@0.37.0

Set up your ~/.claude workspace, authorize, create a game project, generate AI assets, and publish (genex CLI).

AI Security Review

scanned 22m ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface. The package is a Genex CLI that can install and refresh package-owned agent skills and publish/generate assets through Genex services after user commands.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `genex init` or another `genex` command.
Impact
Agent workspace content may be updated with Genex templates; project/build content may be uploaded when preview/publish is invoked.
Mechanism
First-party agent skill setup plus authenticated Genex API operations.
Rationale
Static inspection shows no install-time hook, credential harvesting, or unaligned exfiltration; scanner credential findings are explained by documented login and authenticated Genex API flows. Because the CLI intentionally writes/refreshes first-party agent skills in Claude/Codex/Cursor workspaces, this fits agent extension lifecycle risk rather than publish-block malware.
Evidence
package.jsondist/index.jstemplates/agents/genex-helper.mdtemplates/commands/genex-status.mdtemplates/skills/genex-getting-started/SKILL.md~/.claude/skills~/.claude/agents~/.claude/commands~/.codex/skills~/.cursor/skills~/.genex/env~/.genex/update-check.json.genex/project.json.env.env.development.localsrc/genex.config.tssrc/controllers/public/assets/avatar.vrm.gitignore
Network endpoints5
demo-web.glotech.worlddemo-api.glotech.worldwss://demo-colyseus.glotech.worldregistry.npmjs.org/-/package/assets.genex.technology

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/index.js:52-72 detects Claude/Codex/Cursor agent workspaces under home.
  • dist/index.js:172-193 refreshes genex-owned skills in agent dirs on non-init commands.
  • dist/index.js:939-970 explicit `genex init` copies templates into agent workspaces.
  • dist/index.js:809-817 reads/writes GENEX_TOKEN in ~/.genex/env or project .env.
  • dist/index.js:1263-1321 uploads build files using Genex API upload tokens.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts.
  • Agent workspace writes are user-invoked or genex-owned refreshes, not install-time mutation.
  • Network calls target package-aligned Genex/npm endpoints and use user token for documented CLI actions.
  • dist/index.js:1172 and 1358-1361 exclude .env secrets from deploy/source push.
  • No eval/vm/Function, native binary loading, or stealth persistence found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 20 file(s), 455 KB of source, external domains: 127.0.0.1, demo-api.glotech.world, demo-web.glotech.world, registry.npmjs.org, www.npmjs.com

Source & flagged code

3 flagged · loading source
dist/index.jsView file
10import { fileURLToPath } from "url"; L11: var DEFAULT_AUTH_URL = "https://demo-web.glotech.world"; L12: var DEFAULT_API_URL = "https://demo-api.glotech.world"; ... L18: function getAuthUrl(override) { L19: const raw = override || process.env[AUTH_URL_ENV] || DEFAULT_AUTH_URL; L20: return raw.replace(/\/+$/, ""); ... L30: function getGenexDir() { L31: return path.join(os.homedir(), ".genex"); L32: } ... L43: const here = path.dirname(fileURLToPath(import.meta.url)); L44: const pkg = JSON.parse( L45: fs.readFileSync(path.resolve(here, "..", "package.json"), "utf8")
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/index.jsView on unpkg · L10
10Trigger-reachable chain: manifest.bin -> dist/index.js L10: import { fileURLToPath } from "url"; L11: var DEFAULT_AUTH_URL = "https://demo-web.glotech.world"; L12: var DEFAULT_API_URL = "https://demo-api.glotech.world"; ... L18: function getAuthUrl(override) { L19: const raw = override || process.env[AUTH_URL_ENV] || DEFAULT_AUTH_URL; L20: return raw.replace(/\/+$/, ""); ... L30: function getGenexDir() { L31: return path.join(os.homedir(), ".genex"); L32: } ... L43: const here = path.dirname(fileURLToPath(import.meta.url)); L44: const pkg = JSON.parse( L45: fs.readFileSync(path.resolve(here, "..", "package.json"), "utf8")
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.jsView on unpkg · L10
10import { fileURLToPath } from "url"; L11: var DEFAULT_AUTH_URL = "https://demo-web.glotech.world"; L12: var DEFAULT_API_URL = "https://demo-api.glotech.world"; ... L18: function getAuthUrl(override) { L19: const raw = override || process.env[AUTH_URL_ENV] || DEFAULT_AUTH_URL; L20: return raw.replace(/\/+$/, ""); ... L30: function getGenexDir() { L31: return path.join(os.homedir(), ".genex"); L32: } ... L43: const here = path.dirname(fileURLToPath(import.meta.url)); L44: const pkg = JSON.parse( L45: fs.readFileSync(path.resolve(here, "..", "package.json"), "utf8")
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/index.jsView on unpkg · L10

Findings

2 Critical3 Medium5 Low
CriticalCredential Exfiltrationdist/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings