AI Security Review
scanned 22h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was established. The package is an AI/Codex extension platform with broad agent hooks and setup-time Codex control-surface writes, but the risky mutations are user-invoked or plugin-scoped rather than unconsented lifecycle delivery.
Decision evidence
public snapshot
- package.json defines postinstall and prepare lifecycle hooks.
- dist/scripts/postinstall.js runs only for global npm lifecycle and writes install stamp state.
- dist/cli/setup.js explicitly installs Codex skills/prompts/agents, hooks, AGENTS.md, config.toml, plugin cache, and tmux assets.
- plugins/oh-my-codex/.codex-plugin/plugin.json declares a Codex plugin with hooks and MCP metadata.
- plugins/oh-my-codex/hooks/hooks.json registers command hooks for Codex SessionStart/Tool/Prompt/Stop events.
- dist/cli/update.js can run npm global update and deferred setup refresh after user approval.
- postinstall does not run setup, register hooks, or mutate AGENTS/config; it only records version state.
- Setup/config mutation is exposed through explicit omx setup/update flows, with backups, prompts, dry-run/force handling, and project/user scope controls.
- MCP compatibility defaults to none and first-party MCP registrations are optional or preserved by prompt.
- Network endpoints are package-aligned npm registry/GitHub update sources, not exfiltration endpoints.
- No credential harvesting or covert file exfiltration found in inspected lifecycle paths.
- Runtime child_process use is aligned with CLI orchestration, git/npm/tmux diagnostics, and user-invoked tools.
Source & flagged code
8 flagged
- Install-time lifecycle script matches a deterministic static-gate block pattern. (package.json)
- Package defines install-time lifecycle scripts. (package.json)
- Package source references child process execution. (dist/autoresearch/runtime.js · L1)
- Package source references dynamic require/import behavior. (dist/cli/hooks.js · L40)
- Source writes installer persistence such as shell profile or service configuration. (dist/cli/index.js · L4)
- Package source invokes a package manager install command at runtime. (dist/mcp/code-intel-server.js · L546)
- Package ships non-JavaScript build or shell helper files. (src/scripts/run-autoresearch-showcase.sh)