AI Security Review
scanned 17h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface was found. The package is an agent/Codex extension bundle with lifecycle state stamping and user-invoked setup that can install package-aligned Codex skills, hooks, config, and plugin cache.
Decision evidence
public snapshot
- package.json defines postinstall and prepare lifecycle scripts
- dist/scripts/postinstall.js runs on global npm install and writes an install stamp under CODEX_HOME/.omx
- plugins/oh-my-codex/.codex-plugin/plugin.json declares Codex plugin skills, hooks, apps, and MCP metadata
- plugins/oh-my-codex/hooks/hooks.json registers hook commands for multiple Codex hook events
- dist/cli/setup.js can install Codex skills/prompts/agents/config on explicit setup
- dist/autoresearch/runtime.js supports user-provided evaluator command with shell:true in autoresearch workflow
- postinstall is guarded to global installs and only updates install-state.json plus logs a setup reminder
- No install-time code copies hooks, rewrites .mcp.json, launches agents, or registers standing MCP servers
- Plugin MCP servers in plugins/oh-my-codex/.mcp.json are packaged with enabled set to false for each server
- Network access seen is package-aligned update/native asset lookup to npm/GitHub, not credential exfiltration
- Runtime child_process and shell use are tied to explicit CLI/MCP/autoresearch workflows
- No credential harvesting, destructive persistence, or remote payload execution confirmed by source inspection
Source & flagged code
8 flagged
- Install-time lifecycle script matches a deterministic static-gate block pattern. (package.json)
- Package defines install-time lifecycle scripts. (package.json)
- Package source references child process execution. (dist/autoresearch/runtime.js · L1)
- Package source references dynamic require/import behavior. (dist/cli/hooks.js · L40)
- Source writes installer persistence such as shell profile or service configuration. (dist/cli/index.js · L4)
- Package source invokes a package manager install command at runtime. (dist/mcp/code-intel-server.js · L546)
- Package ships non-JavaScript build or shell helper files. (src/scripts/run-autoresearch-showcase.sh)