AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- cli.js: `cxv -logger` patches an installed Codex CLI and shell startup file.
- lib/ensure-hooks.js writes a broad `PermissionRequest` hook to `~/.codex/hooks.json`.
- lib/plugin-loader.js dynamically imports JavaScript from the user plugin directory at server startup.
- proxy.js reads Codex auth context and proxies model traffic, including OAuth routing to `https://chatgpt.com/backend-api/codex`.
- package.json has no preinstall, install, or postinstall hook; `prepublishOnly` only builds before publishing.
- The Codex and shell mutations are reached only through explicit `cxv -logger`, not package installation or import.
- The permission-hook command is guarded by `CXVIEWER_PORT`, limiting it to CX Viewer launches.
- No source evidence of covert remote payload download, credential exfiltration endpoint, destructive action, or stealth install-time persistence.
Source & flagged code
12 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
dist/assets/jszip.min-CcUlfCvn.jsView on unpkg · L11Package source references dynamic require/import behavior.
dist/assets/livescript-Bw1Vw7Ae.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
cli.jsView on unpkgSource writes installer persistence such as shell profile or service configuration.
cli.jsView on unpkg · L3Manifest entrypoint contains risky behavior absent from dist/build output.
server.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/proxy-env.jsView on unpkg · L1Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
lib/appserver-bridge.jsView on unpkg · L2493Package source invokes a package manager install command at runtime.
build.jsView on unpkg · L10Package ships non-JavaScript build or shell helper files.
scripts/mac-sign.shView on unpkg