AI Security Review
scanned 3h ago · by lpm-firewall-ai
LPM blocks this version under the AI-agent control-surface policy. The package mutates the user's global Codex configuration at npm install time. It enables Codex hooks and registers a remote VAIBot MCP server without an interactive consent step.
Decision evidence
public snapshot
- package.json runs npm lifecycle postinstall: node ./scripts/postinstall.mjs || true.
- scripts/postinstall.mjs writes ~/.codex/config.toml during install unless env opt-outs are preset.
- postinstall enables [features] codex_hooks = true and registers [mcp_servers.vaibot].
- postinstall registers remote MCP URL https://api.vaibot.io/v2/mcp in the global Codex config.
- hooks/hooks.json installs command hooks for SessionStart, PreToolUse, PermissionRequest, PostToolUse, and Stop.
- scripts/pre-tool-use.mjs and session-start.mjs auto-bootstrap via /v2/bootstrap and save ~/.vaibot/credentials.json on hook execution.
- The package is explicitly a Codex governance plugin with .codex-plugin/plugin.json and .mcp.json manifests.
- postinstall is idempotent and uses managed markers for its config blocks.
- postinstall has CODEX_PLUGIN_INSTALL and VAIBOT_SKIP_POSTINSTALL skip paths.
- No source evidence of credential harvesting or arbitrary remote code execution in the lifecycle script.
Source & flagged code
7 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Package source references child process execution. (vendor/vaibot-guard/scripts/vaibot-guard.mjs · L11)
- A single source file combines environment access, network access, and code or shell execution; review context before blocking. (vendor/vaibot-guard/scripts/vaibot-guard.mjs · L10)
- Source writes installer persistence such as shell profile or service configuration. (vendor/vaibot-guard/scripts/vaibot-guard.mjs · L10)
- Install-time source drops package-supplied AI-agent/MCP control files or instructions. (scripts/postinstall.mjs · L4)
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review. (vendor/vaibot-guard/scripts/vaibot-guard-service.mjs)