AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit CLI setup installs a first-party Egregore Codex runtime into an Egregore project. It adds agent instructions, skills, and a hook; telemetry is separately opt-out capable.
Decision evidence
public snapshot- `lib/codex-runtime.js` copies bundled files into target projects, including `.codex/config.toml`, hooks, skills, and `AGENTS.md`.
- `lib/codex-runtime.js` creates `.agents/skills` symlink to `.codex/skills`.
- `runtime/codex/bin/telemetry.sh` can buffer and send telemetry to the Egregore Railway API.
- `lib/auth.js` can install `gh` through a user-visible interactive command.
- `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle hook.
- The installer executes only through the explicit `create-egregore` CLI entrypoint.
- GitHub and Egregore API calls implement requested setup, authentication, repository, invitation, and notification flows.
- No source evidence of arbitrary remote payload execution, credential exfiltration to an unrelated endpoint, or destructive behavior.
Source & flagged code
9 flagged · loading sourcePackage source invokes a package manager install command at runtime.
lib/setup.jsView on unpkg · L490Source writes installer persistence such as shell profile or service configuration.
lib/setup.jsView on unpkg · L2A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/auth.jsView on unpkg · L32Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
lib/auth.jsView on unpkg · L5Package ships non-JavaScript build or shell helper files.
runtime/codex/bin/publish-artifact.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
assets/egregore-launcher.jsView on unpkg