AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time malware behavior is present. The CLI’s guarded setup can install and enable its own Codex extension and host skills after user invocation.
Decision evidence
public snapshot- `dist/index.js` installs/enables AgentBox’s Codex plugin and appends its config entry.
- The setup path can write host Claude/Codex/OpenCode skill files.
- Bundled skills direct an agent to invoke `agentbox` and inspect Claude plan paths.
- `package.json` has no preinstall/install/postinstall lifecycle hook.
- `dist/index.js` performs setup only after a user CLI invocation; Codex setup supports dry-run and preserves a disabled plugin unless forced.
- Network calls target configured relay/GitHub/NPM update endpoints; no source-confirmed credential exfiltration was found.
- Runtime shell execution provisions or operates requested sandboxes, rather than executing on package install.
Source & flagged code
16 flagged · loading sourcePackage source references child process execution.
dist/chunk-SJ75AIA2.jsView on unpkg · L744Source writes installer persistence such as shell profile or service configuration.
dist/chunk-SJ75AIA2.jsView on unpkg · L49Package source references weak cryptographic algorithms.
dist/chunk-UJEH2NJT.jsView on unpkg · L273Source appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L406A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L406Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L2461A single source file combines environment access, network access, and code or shell execution with blocking evidence.
runtime/hub/apps/hub/chunk-YJ5MJOXK.jsView on unpkg · L1805This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
runtime/hub/apps/hub/chunk-YJ5MJOXK.jsView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
runtime/hub/apps/hub/chunk-YJ5MJOXK.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
runtime/hub/apps/hub/chunk-YJ5MJOXK.jsView on unpkg · L1364Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
runtime/docker/packages/ctl/dist/bin.cjsView on unpkg · L11312Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/chunk-26IKZRTT.jsView on unpkg · L75Package ships non-JavaScript build or shell helper files.
runtime/vercel/scripts/provision.shView on unpkgPackage ships high-entropy non-source blobs.
runtime/hub/apps/hub/.next/static/media/99e609270109b47d-s.p.40sczeszzbjw1.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
runtime/hub/apps/hub/chunk-QYJ37CUJ.jsView on unpkg