registry  /  @genex-ai/cli-demo  /  0.59.0

@genex-ai/cli-demo@0.59.0

Set up your project's agent workspace (.claude/.codex/.cursor in the game folder), authorize, create a game project, generate AI assets, and publish (genex CLI).

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The user-invoked CLI can install and refresh Genex-owned agent skills in project `.claude`, `.codex`, and `.cursor` directories. It also removes legacy Genex-owned global skills, authenticates to Genex services, and can upload project content only through publish commands. No unconsented install-time mutation or confirmed credential-exfiltration chain was found.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
User runs `genex init` or another `genex` CLI command.
Impact
Modifies package-owned agent workspace content and local Genex state; explicit publish can transmit selected project files.
Mechanism
First-party AI-agent skill setup plus authenticated Genex API operations.
Rationale
The static malicious hint overstates normal authenticated CLI and explicit publish behavior. The package still warrants a warning because user-invoked commands mutate AI-agent workspace directories and perform first-party extension lifecycle management.
Evidence
package.jsondist/index.jsREADME.mdtemplates/skills/templates/.claude/skills/genex-*.codex/skills/genex-*.cursor/skills/genex-*~/.genex/env.genex/project.json.gitignore.gitattributes.env
Network endpoints3
api.genex.gamesgenex.games43efc6f7d16c3e67cad6c60fa8175c20@o4511115493900288.ingest.us.sentry.io/4511706579599360

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/index.js` `genex init` writes templates into `.claude`, `.codex`, or `.cursor` project workspaces.
  • `dist/index.js` removes only `genex-*` legacy skills and two Genex-named Claude files from home agent directories.
  • `dist/index.js` calls `syncSkills` for non-`init` user CLI commands, refreshing existing Genex skills.
  • `dist/index.js` stores an auth token in `~/.genex/env` with mode `0600` and sends it as a bearer token to the Genex API.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
  • Agent-directory changes occur only when the user runs the CLI; no import- or install-time execution is present.
  • `dist/index.js` scopes removal to package-owned `genex-*` paths rather than arbitrary agent configuration.
  • Project-file upload is reached through explicit publish operations; no source shows broad credential or environment harvesting.
  • Sentry telemetry scrubs token-like values and home paths before error reporting.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 29 file(s), 913 KB of source, external domains: 127.0.0.1, api-dev.genex.games, api.genex.games, cdn.genex.technology, cdn.meshy.ai, dev.genex.games, genex.games, registry.npmjs.org, www.npmjs.com

Source & flagged code

4 flagged · loading source
dist/index.jsView file
13var STANDS = { L14: prod: { api: "https://api.genex.games", dashboard: "https://genex.games" }, L15: dev: { api: "https://api-dev.genex.games", dashboard: "https://dev.genex.games" } ... L21: function getAnimsBase(override) { L22: const raw = override || process.env[ANIMS_BASE_ENV] || DEFAULT_ANIMS_BASE; L23: return raw.replace(/\/+$/, "") + "/"; ... L40: function getGenexDir() { L41: return path.join(os.homedir(), ".genex"); L42: } ... L55: const here = path.dirname(fileURLToPath(import.meta.url)); L56: const pkg = JSON.parse( L57: fs.readFileSync(path.resolve(here, "..", "package.json"), "utf8")
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/index.jsView on unpkg · L13
13Trigger-reachable chain: manifest.bin -> dist/index.js L13: var STANDS = { L14: prod: { api: "https://api.genex.games", dashboard: "https://genex.games" }, L15: dev: { api: "https://api-dev.genex.games", dashboard: "https://dev.genex.games" } ... L21: function getAnimsBase(override) { L22: const raw = override || process.env[ANIMS_BASE_ENV] || DEFAULT_ANIMS_BASE; L23: return raw.replace(/\/+$/, "") + "/"; ... L40: function getGenexDir() { L41: return path.join(os.homedir(), ".genex"); L42: } ... L55: const here = path.dirname(fileURLToPath(import.meta.url)); L56: const pkg = JSON.parse( L57: fs.readFileSync(path.resolve(here, "..", "package.json"), "utf8")
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.jsView on unpkg · L13
matchType = previous_version_dangerous_delta matchedPackage = @genex-ai/cli-demo@0.47.0 matchedIdentity = npm:QGdlbmV4LWFpL2NsaS1kZW1v:0.47.0 similarity = 0.833 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.jsView on unpkg
13var STANDS = { L14: prod: { api: "https://api.genex.games", dashboard: "https://genex.games" }, L15: dev: { api: "https://api-dev.genex.games", dashboard: "https://dev.genex.games" } ... L21: function getAnimsBase(override) { L22: const raw = override || process.env[ANIMS_BASE_ENV] || DEFAULT_ANIMS_BASE; L23: return raw.replace(/\/+$/, "") + "/"; ... L40: function getGenexDir() { L41: return path.join(os.homedir(), ".genex"); L42: } ... L55: const here = path.dirname(fileURLToPath(import.meta.url)); L56: const pkg = JSON.parse( L57: fs.readFileSync(path.resolve(here, "..", "package.json"), "utf8")
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/index.jsView on unpkg · L13

Findings

3 Critical3 Medium5 Low
CriticalCredential Exfiltrationdist/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/index.js
CriticalPrevious Version Dangerous Deltadist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings