registry  /  @genex-ai/cli-demo  /  0.43.0

@genex-ai/cli-demo@0.43.0

Set up your ~/.claude workspace, authorize, create a game project, generate AI assets, and publish (genex CLI).

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The user-invoked CLI installs and refreshes Genex-owned AI-agent skill templates in detected user agent directories. Explicit deployment commands upload selected project files and push source using user authorization.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Run `genex init`, another `genex` command with existing Genex skills, or `genex preview`/`publish`.
Impact
Modifies package-owned skill paths and transmits project content only for explicit Genex deployment actions.
Mechanism
first-party agent skill synchronization and authenticated project deployment
Rationale
The malicious scanner label overstates documented CLI behavior: source inspection found no lifecycle hook, stealth execution, or credential exfiltration. Warn because explicit initialization and subsequent command execution modify first-party AI-agent skill directories.
Evidence
package.jsondist/index.jsREADME.mdtemplates/agents/genex-helper.mdtemplates/commands/genex-status.md~/.claude~/.codex/skills~/.cursor/skills~/.genex/env~/.genex/update-check.json./.genex/project.json./.gitignore
Network endpoints4
demo-api.glotech.worlddemo-web.glotech.worldregistry.npmjs.org/-/package/%40genex-ai%2Fcli-demo/dist-tagso4511115493900288.ingest.us.sentry.io/4511706579599360

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/index.js` `genex init` copies bundled skills into `~/.claude`, `~/.codex`, or `~/.cursor`.
  • Non-`init` CLI commands re-sync existing `genex-*` agent skills automatically.
  • `preview`/`publish` enumerate project files and upload them after an explicit user command.
  • The CLI stores `GENEX_TOKEN` in `~/.genex/env` and uses it for the configured Genex API.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` hook.
  • Agent-control writes occur only through an invoked CLI command, not package installation or import.
  • Template copying preserves non-Genex files unless `--force`; managed paths are Genex-prefixed.
  • Deployment excludes `.env*`, `.git`, `.genex`, `node_modules`, and `dist` from source collection/push.
  • `dist/index.js` includes Sentry token/path scrubbing and telemetry opt-out controls.
  • No eval, dynamic code loading, stealth persistence, or unconsented credential harvesting was found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 24 file(s), 526 KB of source, external domains: 127.0.0.1, cdn.genex.technology, demo-api.glotech.world, demo-web.glotech.world, registry.npmjs.org, www.npmjs.com

Source & flagged code

3 flagged · loading source
dist/index.jsView file
10import { fileURLToPath } from "url"; L11: var DEFAULT_AUTH_URL = "https://demo-web.glotech.world"; L12: var DEFAULT_API_URL = "https://demo-api.glotech.world"; ... L16: function getAnimsBase(override) { L17: const raw = override || process.env[ANIMS_BASE_ENV] || DEFAULT_ANIMS_BASE; L18: return raw.replace(/\/+$/, "") + "/"; ... L39: function getGenexDir() { L40: return path.join(os.homedir(), ".genex"); L41: } ... L52: const here = path.dirname(fileURLToPath(import.meta.url)); L53: const pkg = JSON.parse( L54: fs.readFileSync(path.resolve(here, "..", "package.json"), "utf8")
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/index.jsView on unpkg · L10
10Trigger-reachable chain: manifest.bin -> dist/index.js L10: import { fileURLToPath } from "url"; L11: var DEFAULT_AUTH_URL = "https://demo-web.glotech.world"; L12: var DEFAULT_API_URL = "https://demo-api.glotech.world"; ... L16: function getAnimsBase(override) { L17: const raw = override || process.env[ANIMS_BASE_ENV] || DEFAULT_ANIMS_BASE; L18: return raw.replace(/\/+$/, "") + "/"; ... L39: function getGenexDir() { L40: return path.join(os.homedir(), ".genex"); L41: } ... L52: const here = path.dirname(fileURLToPath(import.meta.url)); L53: const pkg = JSON.parse( L54: fs.readFileSync(path.resolve(here, "..", "package.json"), "utf8")
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.jsView on unpkg · L10
10import { fileURLToPath } from "url"; L11: var DEFAULT_AUTH_URL = "https://demo-web.glotech.world"; L12: var DEFAULT_API_URL = "https://demo-api.glotech.world"; ... L16: function getAnimsBase(override) { L17: const raw = override || process.env[ANIMS_BASE_ENV] || DEFAULT_ANIMS_BASE; L18: return raw.replace(/\/+$/, "") + "/"; ... L39: function getGenexDir() { L40: return path.join(os.homedir(), ".genex"); L41: } ... L52: const here = path.dirname(fileURLToPath(import.meta.url)); L53: const pkg = JSON.parse( L54: fs.readFileSync(path.resolve(here, "..", "package.json"), "utf8")
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/index.jsView on unpkg · L10

Findings

2 Critical3 Medium5 Low
CriticalCredential Exfiltrationdist/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings