registry  /  drejx  /  0.7.1

drejx@0.7.1

CLI for [drej](https://drej.dev) — start a local OpenSandbox server, manage saved agent specs, and run/orchestrate `@drej/agent` sessions.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. After an explicit Pi extension installation, each new Pi session can bootstrap the package and local OpenSandbox setup. This is first-party agent-extension lifecycle behavior, not an npm install hook or confirmed data theft.

Static reason
No blocking static signals were detected.
Trigger
Pi `session_start` after `pi install npm:drejx`.
Impact
Automatic global package installation and local Docker container startup.
Mechanism
Pi extension executes package bootstrap and Docker initialization commands.
Rationale
The package is not malicious by static source inspection, but its bundled Pi extension automatically performs package installation and Docker setup on session startup. Treat as a warning-level first-party agent-extension lifecycle risk.
Evidence
package.jsonpi-extension/drejx.tsdist/init-DQgNaQ9M.mjsdist/config-BckUSA2b.mjs
Network endpoints1
127.0.0.1:8080

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` registers `pi-extension/drejx.ts` for Pi.
  • Pi `session_start` runs `ensureDrejxReady`.
  • Extension can run `npm install -g drejx` then `drejx init`.
  • `init` starts a Docker OpenSandbox container.
Evidence against
  • `package.json` has no preinstall/install/postinstall hooks.
  • CLI network fetches are user-invoked spec/registry actions.
  • No credential harvesting, exfiltration, eval, or remote payload execution found.
  • Config defaults target local `127.0.0.1:8080`.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 18 file(s), 53.2 KB of source, external domains: 127.0.0.1, registry.drej.dev

Source & flagged code

1 flagged · loading source
package.jsonView file
Published source reference
Medium
Ai Review Evidence

`package.json` registers `pi-extension/drejx.ts` for Pi.

package.jsonView on unpkg

Findings

6 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencepackage.json
MediumAi Review Evidence
MediumAi Review Evidence
MediumAi Review Evidence
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings