registry  /  @genex-ai/cli-demo  /  0.47.0

@genex-ai/cli-demo@0.47.0

Set up your ~/.claude workspace, authorize, create a game project, generate AI assets, and publish (genex CLI).

AI Security Review

scanned 8h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
User runs `genex init` or `genex publish`.
Impact
Modifies local AI-agent instruction/skill directories and can send selected build output to the Genex service.
Mechanism
Explicit AI-agent workspace template installation and authenticated project deployment.
Rationale
No concrete malicious chain is confirmed, but the package has a real user-command AI-agent control-surface mutation capability and project-upload capability. Per policy, this should be warned rather than blocked because the mutation is explicit user-command behavior, not unconsented lifecycle execution.
Evidence
package.jsondist/index.jsREADME.mdtemplates/agents/genex-helper.mdtemplates/skills~/.claude~/.codex/skills~/.cursor/skills~/.genex/env.genex/project.jsonsrc/genex.config.ts.env.env.development.local
Network endpoints5
api.genex.gamesapi-dev.genex.gamesgenex.gamesdev.genex.games43efc6f7d16c3e67cad6c60fa8175c20@o4511115493900288.ingest.us.sentry.io/4511706579599360

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/index.js` runs `init` to copy packaged templates into detected `~/.claude`, `~/.codex`, or `~/.cursor` workspaces.
  • Without `--agents` or `--dir`, `resolveAgentTargets` auto-detects agent directories and falls back to `~/.claude`.
  • `dist/index.js` stores an authorization token in `~/.genex/env` and uses it for Genex API calls.
  • The explicit `publish` path can run `npm run build` and upload collected project output to a server-provided upload URL.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
  • Agent-workspace writes occur only through the user-invoked `genex init` command, not at install or import time.
  • Deploy collection excludes `.env`, `.env.*`, `.genex`, `.git`, and `node_modules`, reducing credential-upload risk.
  • Network requests target configured Genex API/auth endpoints, npm registry update checks, and Sentry telemetry; no hidden payload loader or arbitrary remote code execution was found.
  • No `eval`, `vm`, native loader, destructive filesystem routine, or stealth persistence behavior was found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 24 file(s), 564 KB of source, external domains: 127.0.0.1, api-dev.genex.games, api.genex.games, cdn.genex.technology, dev.genex.games, genex.games, registry.npmjs.org, www.npmjs.com

Source & flagged code

4 flagged · loading source
dist/index.jsView file
13var STANDS = { L14: prod: { api: "https://api.genex.games", dashboard: "https://genex.games" }, L15: dev: { api: "https://api-dev.genex.games", dashboard: "https://dev.genex.games" } ... L21: function getAnimsBase(override) { L22: const raw = override || process.env[ANIMS_BASE_ENV] || DEFAULT_ANIMS_BASE; L23: return raw.replace(/\/+$/, "") + "/"; ... L40: function getGenexDir() { L41: return path.join(os.homedir(), ".genex"); L42: } ... L55: const here = path.dirname(fileURLToPath(import.meta.url)); L56: const pkg = JSON.parse( L57: fs.readFileSync(path.resolve(here, "..", "package.json"), "utf8")
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/index.jsView on unpkg · L13
13Trigger-reachable chain: manifest.bin -> dist/index.js L13: var STANDS = { L14: prod: { api: "https://api.genex.games", dashboard: "https://genex.games" }, L15: dev: { api: "https://api-dev.genex.games", dashboard: "https://dev.genex.games" } ... L21: function getAnimsBase(override) { L22: const raw = override || process.env[ANIMS_BASE_ENV] || DEFAULT_ANIMS_BASE; L23: return raw.replace(/\/+$/, "") + "/"; ... L40: function getGenexDir() { L41: return path.join(os.homedir(), ".genex"); L42: } ... L55: const here = path.dirname(fileURLToPath(import.meta.url)); L56: const pkg = JSON.parse( L57: fs.readFileSync(path.resolve(here, "..", "package.json"), "utf8")
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.jsView on unpkg · L13
matchType = previous_version_dangerous_delta matchedPackage = @genex-ai/cli-demo@0.44.0 matchedIdentity = npm:QGdlbmV4LWFpL2NsaS1kZW1v:0.44.0 similarity = 0.958 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.jsView on unpkg
13var STANDS = { L14: prod: { api: "https://api.genex.games", dashboard: "https://genex.games" }, L15: dev: { api: "https://api-dev.genex.games", dashboard: "https://dev.genex.games" } ... L21: function getAnimsBase(override) { L22: const raw = override || process.env[ANIMS_BASE_ENV] || DEFAULT_ANIMS_BASE; L23: return raw.replace(/\/+$/, "") + "/"; ... L40: function getGenexDir() { L41: return path.join(os.homedir(), ".genex"); L42: } ... L55: const here = path.dirname(fileURLToPath(import.meta.url)); L56: const pkg = JSON.parse( L57: fs.readFileSync(path.resolve(here, "..", "package.json"), "utf8")
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/index.jsView on unpkg · L13

Findings

3 Critical3 Medium5 Low
CriticalCredential Exfiltrationdist/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/index.js
CriticalPrevious Version Dangerous Deltadist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings