AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The user-invoked CLI can install and refresh Genex-owned agent skills in project `.claude`, `.codex`, and `.cursor` directories. It also removes legacy Genex-owned global skills, authenticates to Genex services, and can upload project content only through publish commands. No unconsented install-time mutation or confirmed credential-exfiltration chain was found.
Decision evidence
public snapshot- `dist/index.js` `genex init` writes templates into `.claude`, `.codex`, or `.cursor` project workspaces.
- `dist/index.js` removes only `genex-*` legacy skills and two Genex-named Claude files from home agent directories.
- `dist/index.js` calls `syncSkills` for non-`init` user CLI commands, refreshing existing Genex skills.
- `dist/index.js` stores an auth token in `~/.genex/env` with mode `0600` and sends it as a bearer token to the Genex API.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- Agent-directory changes occur only when the user runs the CLI; no import- or install-time execution is present.
- `dist/index.js` scopes removal to package-owned `genex-*` paths rather than arbitrary agent configuration.
- Project-file upload is reached through explicit publish operations; no source shows broad credential or environment harvesting.
- Sentry telemetry scrubs token-like values and home paths before error reporting.
Source & flagged code
4 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L13A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L13This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.jsView on unpkg