AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/lib/codex-hooks.js` writes managed command hooks to `~/.codex/hooks.json`.
- `dist/lib/claude-settings.js` writes HTTP hooks to `~/.claude/settings.json`.
- `dist/lib/codex-rollout-traces.js` can persist `CODEX_ROLLOUT_TRACE_ROOT` through macOS `launchctl`.
- `dist/remote/session.js` can launch Claude with configured permission modes, including bypass mode.
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- Agent-control mutations are reached through explicit `hook install`, `codex hook install`, or `codex trace start` CLI commands.
- Managed hook relays target the local dashboard at `http://localhost:<port>`.
- No source evidence of credential harvesting, covert exfiltration, remote payload download, or obfuscated execution.
Source & flagged code
3 flagged · loading sourceSource writes installer persistence such as shell profile or service configuration.
dist/lib/codex-rollout-traces.jsView on unpkg · L6Package ships native binary artifacts.
app/macos-status-bar/bin/StatusBarAppView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/lib/codex-hooks.jsView on unpkg