AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. An npm install lifecycle hook silently alters the user's global Codex configuration and guidance files. It registers the package as an MCP server for future Codex sessions.
Decision evidence
public snapshot- package.json defines npm `install` lifecycle hook.
- `dist/cli.js` install command runs automatically during npm install.
- Installer writes a managed MCP server entry to `~/.codex/config.toml`.
- Installer modifies `~/.codex/AGENTS.md` and copies a skill into `~/.codex/skills/duya-workspace/SKILL.md`.
- The registered MCP entry executes this package's `dist/cli.js mcp` in future Codex sessions.
- Install path does not initiate network requests or browser launch.
- No arbitrary shell command execution beyond browser opening in explicit connect.
- Network API URL and token are user-supplied or obtained after explicit device approval.
- No credential harvesting, destructive deletion beyond its managed uninstall files, or remote payload loading found.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli.jsView on unpkg · L32