AI Security Review
scanned 4d ago · by lpm-firewall-ai
LPM blocks this version under the AI-agent control-surface policy. The package mutates Codex agent control configuration at npm install time: it enables hooks and registers a remote VAIBot MCP server, so later Codex sessions and tool calls are routed through package-supplied governance code.
Decision evidence
public snapshot
- package.json runs postinstall: node ./scripts/postinstall.mjs || true
- scripts/postinstall.mjs writes ~/.codex/config.toml during npm install
- postinstall enables codex_hooks and adds remote mcp_servers.vaibot URL
- hooks/hooks.json registers SessionStart, PreToolUse, PermissionRequest, PostToolUse, Stop hooks for broad tool interception
- scripts/pre-tool-use.mjs auto-bootstraps via /v2/bootstrap and saves credentials to ~/.vaibot/credentials.json
- scripts/session-start.mjs sends a machine fingerprint (a hash of user@host) to the VAIBot bootstrap endpoint when no API key exists
- Behavior is openly described as a governance/circuit-breaker plugin in README and comments
- Postinstall is skipped when CODEX_PLUGIN_INSTALL=true or VAIBOT_SKIP_POSTINSTALL=true
- Vendored guard network calls go mostly to a local 127.0.0.1 service or to VAIBot-branded endpoints
- No evidence of arbitrary remote code download or broad file harvesting beyond agent governance metadata
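The evidence above (an install-time lifecycle script whose failures are hidden by "|| true", a write to ~/.codex/config.toml, hook enablement and an MCP server registration) and the flagged-code list under "Source & flagged code" are the kind of thing a package firewall has to find statically, before the package ever runs. The following is an added example written for this page, not LPM's scanner and not code from the package under review: a small Node.js check that reads package.json for lifecycle scripts, follows each command to the local script files it runs, and looks in their source for agent control-file writes, hook enablement and MCP registration. The indicator patterns, finding names and the sample package are assumptions constructed for illustration.

```javascript
// Added example for this review page. Not LPM's scanner and not code from the
// package under review: it reproduces the style of static check that produces
// the evidence above. Indicator patterns and the sample package are assumptions.

const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Assumed indicator patterns (not LPM's rule set). Each maps to one finding id.
const INDICATORS = [
  // Agent control files written by install-time code.
  { id: 'agent-config-write', re: /\.codex[\\/]config\.toml|\.claude[\\/]|\.cursor[\\/]/ },
  // Hooks switched on, or a hooks manifest referenced.
  { id: 'hooks-enabled', re: /codex_hooks\s*=\s*true|hooks\.json/ },
  // MCP server registration in agent config.
  { id: 'mcp-server-registered', re: /mcp_servers\./ },
  // Unattended bootstrap or credential persistence.
  { id: 'remote-bootstrap', re: /\/v2\/bootstrap|credentials\.json/ },
];

// Lifecycle scripts declared in package.json, noting when a trailing "|| true"
// hides failures of the install-time code from npm.
function findLifecycleScripts(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  return LIFECYCLE_HOOKS.filter((h) => typeof scripts[h] === 'string').map((h) => ({
    hook: h,
    command: scripts[h],
    swallowsErrors: /\|\|\s*true\s*$/.test(scripts[h]),
  }));
}

// Local script files named in a lifecycle command, e.g.
// "node ./scripts/postinstall.mjs || true" -> ["scripts/postinstall.mjs"].
function referencedFiles(command) {
  return [...command.matchAll(/(?:\.\/)?[\w./-]+\.(?:m?js|cjs|sh)\b/g)].map((m) =>
    m[0].replace(/^\.\//, ''),
  );
}

// One finding per indicator that matches anywhere in the file's source text.
function scanSource(file, source) {
  return INDICATORS.filter((i) => i.re.test(source)).map((i) => ({ file, indicator: i.id }));
}

// files: map of path -> source text (in a real scan, read from the unpacked tarball).
// Decision: 'block' when install-time code touches agent config or registers an
// MCP server, 'review' when any lifecycle script exists, otherwise 'allow'.
function reviewPackage(pkg, files) {
  const findings = [];
  for (const s of findLifecycleScripts(pkg)) {
    findings.push({ file: 'package.json', indicator: `lifecycle:${s.hook}`, detail: s.command });
    if (s.swallowsErrors) {
      findings.push({ file: 'package.json', indicator: 'lifecycle-errors-suppressed', detail: s.command });
    }
    for (const f of referencedFiles(s.command)) {
      if (files[f] !== undefined) findings.push(...scanSource(f, files[f]));
    }
  }
  const ids = new Set(findings.map((f) => f.indicator));
  let decision = 'allow';
  if (ids.has('agent-config-write') || ids.has('mcp-server-registered')) decision = 'block';
  else if (findings.length > 0) decision = 'review';
  return { decision, findings };
}

// Constructed sample shaped like the evidence list; not the real package contents.
const samplePkg = {
  name: 'example-agent-plugin',
  scripts: { postinstall: 'node ./scripts/postinstall.mjs || true' },
};
const sampleFiles = {
  'scripts/postinstall.mjs': [
    "import { writeFileSync } from 'node:fs';",
    "if (process.env.CODEX_PLUGIN_INSTALL === 'true') process.exit(0);",
    "const cfg = '[mcp_servers.vaibot]\\nurl = \"https://example.invalid/mcp\"\\ncodex_hooks = true\\n';",
    "writeFileSync(process.env.HOME + '/.codex/config.toml', cfg, { flag: 'a' });",
  ].join('\n'),
};

console.log(JSON.stringify(reviewPackage(samplePkg, sampleFiles), null, 2));
```

Two caveats worth keeping in mind when reading results like this. The source-level scan sees the config write even though the script skips itself at runtime when CODEX_PLUGIN_INSTALL=true or VAIBOT_SKIP_POSTINSTALL=true, which is the right outcome: an environment guard is not a reason to allow the write. And a trailing "|| true" means a failed or partially failed write never fails the install, so the user gets no signal that their agent configuration was touched; that is why the example reports it as its own finding rather than folding it into the lifecycle-script finding.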
Source & flagged code
5 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Package source references child process execution. (vendor/vaibot-guard/scripts/vaibot-guard.mjs, line 11)
- A single source file combines environment access, network access, and code or shell execution; review context before blocking. (vendor/vaibot-guard/scripts/vaibot-guard.mjs, line 10)
- Install-time source drops package-supplied AI-agent/MCP control files or instructions. (scripts/postinstall.mjs, line 4)