AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a Codex orchestration CLI with powerful user-invoked setup, hook, update, and workflow features, but inspected install-time behavior is limited to a version stamp/reminder.
Decision evidence
public snapshot- package.json defines postinstall and prepare lifecycle scripts.
- dist/cli/setup.js can write Codex config, hooks.json, AGENTS.md, prompts, skills, and plugin cache during explicit omx setup.
- dist/autoresearch/runtime.js runs git and user-provided evaluator commands with shell:true, but as an explicit autoresearch workflow.
- dist/cli/update.js fetches registry.npmjs.org and can run npm install/git clone for explicit update flows.
- dist/scripts/postinstall.js only runs for global installs and writes an install-version stamp/reminder; it does not install hooks or mutate Codex control surfaces.
- dist/cli/omx.js only imports the CLI entrypoint when the omx bin is invoked.
- No source-grounded credential harvesting or exfiltration found in inspected lifecycle, bin, setup, update, hooks, MCP, or autoresearch files.
- Network and child_process use is aligned with CLI update, diagnostics, git workflows, MCP code-intel, and user-invoked orchestration.
- Codex hook/AGENTS/config mutations are tied to explicit omx setup/plugin mode rather than install-time execution.
Source & flagged code
8 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references child process execution.
dist/autoresearch/runtime.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/cli/hooks.jsView on unpkg · L40Source writes installer persistence such as shell profile or service configuration.
dist/cli/index.jsView on unpkg · L4Package source invokes a package manager install command at runtime.
dist/mcp/code-intel-server.jsView on unpkg · L546Package ships non-JavaScript build or shell helper files.
src/scripts/run-autoresearch-showcase.shView on unpkg