AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No malicious install-time attack surface was confirmed. The main residual risk is first-party Nexus Cortex runtime setup that seeds package-owned agent/skill/config directories under ~/.cortex when the CLI is run.
Decision evidence
public snapshot- dist/lifecycle/updateCheck.js syncBuiltinScaffold seeds ~/.cortex/{agents,skills,commands,system-messages} and copies package .cortex to ~/.cortex/builtin on CLI startup
- bin/cortex.js agent/run mode sets YOLO=true and auto-starts a local server when explicitly invoked
- dist/commands/mcp/init.js can create MCP_CONFIG.md with nexus-browser enabled, but only via explicit mcp init command
- package.json has no preinstall/install/postinstall lifecycle hooks
- Network use is package-aligned: localhost Cortex server/client and npm registry update check
- Config writes are first-party ~/.cortex or explicit user commands; no credential harvesting or exfiltration found
- Shell/process execution is user-invoked CLI functionality for starting server, editor, npm update/build, git, and benchmark commands
- No obfuscation, remote payload loading, destructive install-time behavior, or foreign AI-agent control-surface mutation found
Source & flagged code
5 flagged · loading sourceManifest entrypoint contains risky behavior absent from dist/build output.
bin/cortex.jsView on unpkg · L6Package source references weak cryptographic algorithms.
dist/commands/autoresearch/repoResolve.jsView on unpkg · L13A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/commands/autoresearch/harnessProcess.jsView on unpkg · L95