AI Security Review
scanned 4d ago · by lpm-firewall-ai
No confirmed malicious attack surface was established. Risky primitives are present but tied to an AI-agent orchestration CLI and explicit user commands rather than hidden install-time behavior.
Decision evidence
public snapshot
- package.json has postinstall lifecycle importing dist/scripts/postinstall.js
- dist/cli/setup.js can write Codex config, prompts, skills, agents, and AGENTS.md during explicit setup
- dist/autoresearch/runtime.js runs git and a user-specified evaluator command with shell:true in autoresearch mode
- dist/mcp/code-intel-server.js may invoke npx/tsc/ast-grep for user-requested MCP tools
- dist/scripts/postinstall.js only runs for global installs and writes an install stamp/reminder; it does not install hooks or fetch code
- No install-time credential harvesting or exfiltration found in inspected lifecycle path
- Network use is package-aligned: npm registry update check, GitHub dev update/native assets, optional user-configured notification/test scripts
- Codex control-surface writes are setup/CLI-command driven, not hidden import-time mutation
- Dynamic imports in dist/cli/hooks.js validate user-created .omx/hooks plugins only when hooks commands dispatch/validate them
Source & flagged code
9 flagged
- Install-time lifecycle script matches a deterministic static-gate block pattern. (package.json)
- Package defines install-time lifecycle scripts. (package.json)
- Package source references child process execution. (dist/autoresearch/runtime.js, L1)
- Package source references dynamic require/import behavior. (dist/cli/hooks.js, L40)
- This package version adds a dangerous source file absent from the previous stored version. (dist/cli/index.js)
- Source writes installer persistence such as shell profile or service configuration. (dist/cli/index.js, L4)
- Package source invokes a package manager install command at runtime. (dist/mcp/code-intel-server.js, L546)
- Package ships non-JavaScript build or shell helper files. (src/scripts/run-autoresearch-showcase.sh)