AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package uses an npm postinstall lifecycle script to modify the user's Codex configuration and enable a broad AI-agent hook/MCP control surface. Runtime hooks intercept Codex tool activity and route decisions/audit receipts to VAIBot-aligned services.
Decision evidence
public snapshot- package.json defines postinstall: node ./scripts/postinstall.mjs || true
- scripts/postinstall.mjs writes managed [features] codex_hooks=true to ~/.codex/config.toml
- scripts/postinstall.mjs writes [mcp_servers.vaibot] url=https://api.vaibot.io/v2/mcp to ~/.codex/config.toml
- hooks/hooks.json registers SessionStart, PreToolUse, PermissionRequest, PostToolUse, Stop command hooks
- scripts/pre-tool-use.mjs sends tool call decisions through local guard and may bootstrap credentials via https://api.vaibot.io/v2/bootstrap
- vendor guard can spawn detached local service and post receipts to VAIBot endpoints
- Postinstall has skip guards CODEX_PLUGIN_INSTALL=true and VAIBOT_SKIP_POSTINSTALL=true
- Mutations are marker-bounded and package-named, not obfuscated
- Network endpoints are VAIBot-branded/package-aligned
- Runtime hooks implement governance/audit behavior consistent with package description
- Credential store writes are local ~/.vaibot files with restrictive modes
- No evidence of arbitrary remote payload download or secret file harvesting beyond governance telemetry paths
Source & flagged code
11 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
vendor/vaibot-guard/scripts/vaibot-guard.mjsView on unpkg · L11A single source file combines environment access, network access, and code or shell execution; review context before blocking.
vendor/vaibot-guard/scripts/vaibot-guard.mjsView on unpkg · L10Source file is highly similar to a previously finalized malicious package; route for source-aware review.
vendor/vaibot-guard/scripts/vaibot-guard.mjsView on unpkgSource writes installer persistence such as shell profile or service configuration.
vendor/vaibot-guard/scripts/vaibot-guard.mjsView on unpkg · L10Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.mjsView on unpkg · L4Source file is highly similar to a previously finalized malicious package; route for source-aware review.
vendor/vaibot-guard/scripts/vaibot-guard-exec.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
vendor/vaibot-guard/scripts/vaibot-guard-service.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
vendor/vaibot-guard/scripts/lib/guard-launch.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
vendor/vaibot-guard/scripts/classifier.mjsView on unpkg