AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Running the server automatically enables local telemetry for Codex and detected VS Code Copilot settings. An explicit CLI option installs Claude lifecycle hooks that forward event data to the local server. No external exfiltration endpoint was found.
Decision evidence
public snapshot- `standalone/server.js` calls `applyAutoConfig()` at server startup.
- Startup edits `~/.codex/config.toml` and VS Code Copilot settings to enable OTLP.
- `agentlenspro-cli --install-hooks` writes Claude hook registrations.
- Hooks forward stdin telemetry to the local dashboard endpoint.
- `package.json` has only `prepublishOnly`; no install lifecycle hook.
- Observed runtime endpoints are loopback-only (`localhost`).
- No external host or credential-exfiltration request found.
- Config and hooks are package-aligned observability setup, with explicit hook installation.
Source & flagged code
7 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
standalone/server.jsView on unpkg · L154Package source references child process execution.
standalone/server.jsView on unpkg · L9250A single source file combines environment access, network access, and code or shell execution; review context before blocking.
standalone/server.jsView on unpkg · L36119A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
standalone/cli.jsView on unpkg · L39Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
scripts/agentlens-supervise.jsView on unpkg · L5Package ships non-JavaScript build or shell helper files.
scripts/configure-codex.ps1View on unpkg