registry  /  drejx  /  0.2.3

drejx@0.2.3

CLI for [drej](https://drej.dev) — start a local OpenSandbox server, manage sandbox snapshots, and add pre-built sandbox environments from the registry.

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No install-time or import-time attack surface was found. Runtime behavior is an explicit CLI for local OpenSandbox setup and local agent spec management.

Static reason
No blocking static signals were detected.
Trigger
User runs `drejx init`, `drejx add <url>`, `drejx list`, or `drejx remove <name>`.
Impact
Creates drej/OpenSandbox config, starts a local Docker container, fetches user-requested specs, or removes configured local spec files.
Mechanism
explicit CLI Docker/config/spec management
Rationale
Source inspection shows package-aligned, user-invoked CLI behavior with no lifecycle hooks, stealth persistence, credential access, broad agent control-surface mutation, or exfiltration. Docker/socket use and remote spec fetch are explicit operational features, not an unconsented install-time attack chain.
Evidence
package.jsondist/index.mjsdist/init-Brr0XnWD.mjsdist/add-A6NlttEV.mjsdist/config-CkB-sFBW.mjsdist/remove-2aiGDPgO.mjsdist/list-BmWWDlHp.mjsREADME.mddrej.config.json.drej/~/.config/drejx/server.toml./agents/<name>.json
Network endpoints4
localhost:8080registry.drej.dev/python-datadrej.devopen-sandbox.ai

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall lifecycle hooks
    • dist/index.mjs only dispatches explicit CLI commands: init/add/list/remove
    • dist/add-A6NlttEV.mjs fetches user-supplied HTTP(S) or local JSON agent specs and validates them via @drej/agent
    • dist/init-Brr0XnWD.mjs runs Docker only after explicit `drejx init` and starts an OpenSandbox container
    • dist/config-CkB-sFBW.mjs writes drej-owned config defaults; no credential harvesting or exfiltration found
    • dist/remove-2aiGDPgO.mjs only unlinks a named JSON spec under configured agentsDir
    Behavioral surface
    Source
    ChildProcessFilesystemNetwork
    Supply chain
    HighEntropyStrings
    ManifestNo manifest risk signals triggered.
    scanned 6 file(s), 9.60 KB of source

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    1 Medium3 Low
    MediumNetwork
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings