AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack behavior is present. A user-invoked Codex runtime failure can trigger a guarded repair that changes the user's Codex plugin configuration.
Decision evidence
public snapshot- `engine/agentlas-native-host.cjs` auto-runs Runtime Doctor after a failed Codex execution.
- `engine/agentlas-doctor.cjs` can back up and edit `~/.codex/config.toml`, disabling a detected plugin without separate confirmation.
- `engine/agentlas-native-host.cjs` creates isolated `CODEX_HOME` and may link or copy existing `~/.codex/auth.json` into it.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- `bin/agentlas.cjs` bootstraps local Agentlas SQLite data only when the user invokes the CLI.
- Network calls target configured AI providers and Agentlas Cloud routes in user-invoked API, login, search, upload, or update features.
- No `eval`, VM execution, remote code loader, or install-time network activity was found.
Source & flagged code
7 flagged · loading sourcePackage source references dynamic require/import behavior.
bin/agentlas.cjsView on unpkg · L20A single source file combines environment access, network access, and code or shell execution; review context before blocking.
engine/agentlas-parity.cjsView on unpkg · L325Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
engine/agentlas-parity.cjsView on unpkg · L18Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
engine/agentlas.cjsView on unpkg · L7785Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
test/smoke.shView on unpkgPackage ships non-JavaScript build or shell helper files.
test/smoke.shView on unpkg