AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- bin/codex-review-cc.js invokes install/update only when the user runs the CLI.
- bin/lib/install-utils.js executes `claude plugin marketplace add/install/update` for `codex@codex-review-cc`.
- bin/lib/install-utils.js checks `$HOME/.claude/plugins/cache` with `find` to decide if the plugin is installed.
- package.json has a `prepare` script that runs `git config core.hooksPath .githooks || true`, but no install/postinstall lifecycle hook.
- Package contents are limited to package.json, README.md, LICENSE, and bin installer files.
- No credential/env harvesting, destructive file operations, eval/vm/Function, native binary loading, or remote payload downloader found.
- Shell commands use fixed Claude plugin arguments; user input is limited to parsed `--scope` values `user`, `project`, or `local`.
- No npm install-time mutation of Claude/Codex control surfaces from registry install hooks.
- Network references are package-aligned GitHub/Claude documentation or marketplace source strings.
Source & flagged code
4 flagged · loading sourcebin/codex-review-cc.js invokes install/update only when the user runs the CLI.
bin/codex-review-cc.jsView on unpkgbin/lib/install-utils.js executes `claude plugin marketplace add/install/update` for `codex@codex-review-cc`.
bin/lib/install-utils.jsView on unpkgbin/lib/install-utils.js checks `$HOME/.claude/plugins/cache` with `find` to decide if the plugin is installed.
bin/lib/install-utils.jsView on unpkgpackage.json has a `prepare` script that runs `git config core.hooksPath .githooks || true`, but no install/postinstall lifecycle hook.
package.jsonView on unpkg