AI Security Review
scanned 2h ago · by lpm-firewall-aiAn explicit update command can fetch and execute a remote shell script from a mutable branch. The CLI also manages user-selected AI tool configuration files.
Decision evidence
public snapshot- `cli/update.js` downloads a mutable GitHub install script and executes it with `bash`.
- The standalone updater performs no signature, checksum comparison, or version pinning.
- `cli.js` can bootstrap and write Codex configuration on ordinary CLI invocation.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- The remote-script path is reachable only through explicit `codexmate update`.
- No `eval`, `Function`, VM execution, or decoded-payload execution was found.
- Config writes are guarded for `run`/MCP and default tool-write permissions are false.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
cli/archive-helpers.jsView on unpkg · L345Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
cli.jsView on unpkg · L9A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
cli.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
cli.jsView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
cli/update.jsView on unpkg · L3Package ships non-JavaScript build or shell helper files.
skills/codexmate-project-context-recovery/scripts/search_sessions.pyView on unpkg