AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/lib/tools/codex-tool.js` rewrites `~/.codex/config.toml` to select VXAI and persists `X_AIO_CODE_API_KEY` in a shell rc file or Windows user environment.
- `dist/lib/tools/claude-code-tool.js` writes VXAI URL and supplied API key into Claude settings and marks onboarding complete.
- `dist/lib/tools/opencode-tool.js` writes a VXAI provider containing the supplied API key into OpenCode configuration.
- `dist/lib/api-validator.js` sends the supplied API key to `https://llm-api.vxai.io/v1/models` for validation.
- `dist/lib/tools/codex-tool.js` uses PowerShell only to set/read that named user environment variable.
- `package.json` contains no `preinstall`, `install`, or `postinstall` hook.
- `dist/cli.js` only dispatches after the user runs `vxai-cli`; imports do not perform configuration writes.
- `dist/lib/command.js` exposes interactive setup/configuration commands, and `dist/lib/wizard/menus/tool-menu.js` prompts before unload operations.
- Inspected source has no eval/vm loading, credential harvesting beyond configured API keys, arbitrary file deletion, or covert exfiltration endpoint.
Source & flagged code
6 flagged · loading sourceSource writes persistence or remote-access backdoor material.
dist/lib/tools/codex-tool.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/lib/tools/codex-tool.jsView on unpkg · L1Package source references child process execution.
dist/lib/tools/codex-tool.jsView on unpkg · L1Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/lib/tools/codex-tool.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/lib/tool-manager.jsView on unpkg · L123