AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time behavior runs. Explicit cx-viewer commands modify shell/Codex integration and locally proxy Codex API traffic for its viewer/logging feature.
Decision evidence
public snapshot- `cli.js` explicitly installs shell hooks and edits Codex config during `cxv -logger`/`cxv run`.
- `lib/ensure-hooks.js` writes `~/.codex/hooks.json` with a broad PermissionRequest matcher.
- `cli.js` starts a loopback proxy that captures Codex/OpenAI traffic for local logging.
- `package.json` has only `prepublishOnly`; no install-time lifecycle hook.
- Hook commands are gated on `CXVIEWER_PORT`, set by cx-viewer runtime.
- `proxy.js` binds its capture proxy to `127.0.0.1` and forwards to configured OpenAI/ChatGPT endpoints.
- Reviewed code shows no credential exfiltration, remote payload download, or destructive action.
- `--uninstall` removes the package's shell hooks and legacy Codex files.
Source & flagged code
11 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
dist/assets/jszip.min-BxIXdRg4.jsView on unpkg · L11Package source references dynamic require/import behavior.
dist/assets/livescript-Bw1Vw7Ae.jsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
cli.jsView on unpkg · L3Manifest entrypoint contains risky behavior absent from dist/build output.
server.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/proxy-env.jsView on unpkg · L1Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
lib/appserver-bridge.jsView on unpkg · L2103Package source invokes a package manager install command at runtime.
build.jsView on unpkg · L10Package ships non-JavaScript build or shell helper files.
scripts/mac-sign.shView on unpkg