AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack surface is present. User-invoked CLI commands can install and refresh Genex-owned templates in existing AI-agent workspaces, including automatic refreshes when Genex skills already exist.
Decision evidence
public snapshot- `dist/index.js` recognizes `~/.claude`, `~/.codex`, and `~/.cursor` workspaces.
- `genex init` copies bundled Genex templates into selected agent workspaces.
- Non-`init` CLI commands auto-refresh existing `genex-*` skills in detected agent directories.
- The CLI stores an authorization token in `~/.genex/env` and sends it to Genex API endpoints for requested operations.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- All agent-directory writes occur only after the user invokes the `genex` executable.
- Auto-sync requires pre-existing `genex-*` skills and copies packaged templates; no remote code download is used for it.
- Token reads are limited to `GENEX_TOKEN` in `~/.genex/env` or the current project's `.env`; no broad environment harvesting found.
- Network use is feature-aligned: login, project creation, publishing, asset generation/downloads, npm update checks, and scrubbed Sentry crash reporting.
- No eval, dynamic module loading, persistence beyond package-owned files, or destructive file traversal was found.
Source & flagged code
3 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L10A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L10