registry  /  codex-config  /  0.3.0

codex-config@0.3.0

Keep Codex config.toml current for the GPT-5.6 model family without overwriting unrelated settings.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `codex-config apply` without `--dry-run`.
Impact
Can alter model and supported Codex configuration settings in the user-selected or default Codex home.
Mechanism
User-invoked TOML migration and atomic replacement of Codex config.
Rationale
Source inspection confirms explicit user-command mutation of `~/.codex/config.toml`, not concrete malware behavior. Per policy, this is a warn-level AI-agent capability risk rather than a publish-blocking install-time hijack.
Evidence
package.jsondist/cli.jsdist/commands.jsdist/paths.jsdist/fs.jsdist/codex-policy.jsconfig.toml.template$CODEX_HOME/config.toml~/.codex/config.toml$CODEX_HOME/<profile>.config.toml

Decision evidence

public snapshot
AI called this Suspicious at 94.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/cli.js` exposes explicit `apply` command.
  • `dist/paths.js` defaults target to `$CODEX_HOME/config.toml` or `~/.codex/config.toml`.
  • `dist/commands.js` writes changed plans unless `--dry-run`.
  • `dist/fs.js` atomically creates/replaces the selected config file.
Evidence against
  • `package.json` contains no preinstall/install/postinstall lifecycle hooks.
  • All mutation requires an explicit CLI `apply` invocation.
  • No network client, child-process, eval, or dynamic module loading appears in shipped JS.
  • Only environment use is `CODEX_HOME` for target selection; no credential harvesting is present.
Behavioral surface
Source
EnvironmentVarsFilesystem
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 8 file(s), 48.3 KB of source

Source & flagged code

4 flagged · loading source
dist/cli.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/cli.js` exposes explicit `apply` command.

dist/cli.jsView on unpkg
dist/paths.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/paths.js` defaults target to `$CODEX_HOME/config.toml` or `~/.codex/config.toml`.

dist/paths.jsView on unpkg
dist/commands.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/commands.js` writes changed plans unless `--dry-run`.

dist/commands.jsView on unpkg
dist/fs.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/fs.js` atomically creates/replaces the selected config file.

dist/fs.jsView on unpkg

Findings

5 Medium3 Low
MediumEnvironment Vars
MediumAi Review Evidencedist/cli.js
MediumAi Review Evidencedist/paths.js
MediumAi Review Evidencedist/commands.js
MediumAi Review Evidencedist/fs.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings