AI Security Review
scanned 22m ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface. The package is a Genex CLI that can install and refresh package-owned agent skills and publish/generate assets through Genex services after user commands.
Decision evidence
public snapshot- dist/index.js:52-72 detects Claude/Codex/Cursor agent workspaces under home.
- dist/index.js:172-193 refreshes genex-owned skills in agent dirs on non-init commands.
- dist/index.js:939-970 explicit `genex init` copies templates into agent workspaces.
- dist/index.js:809-817 reads/writes GENEX_TOKEN in ~/.genex/env or project .env.
- dist/index.js:1263-1321 uploads build files using Genex API upload tokens.
- package.json has no preinstall/install/postinstall lifecycle scripts.
- Agent workspace writes are user-invoked or genex-owned refreshes, not install-time mutation.
- Network calls target package-aligned Genex/npm endpoints and use user token for documented CLI actions.
- dist/index.js:1172 and 1358-1361 exclude .env secrets from deploy/source push.
- No eval/vm/Function, native binary loading, or stealth persistence found.
Source & flagged code
3 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L10A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L10